"The malware combines privilege escalation, persistence, USB propagation, and ICS scanning with sabotage capabilities aimed at chlorine and pressure controls, highlighting growing experimentation with politically motivated critical infrastructure attacks against industrial operational technologies globally."
"The intended logic is clear: the payload activates only when both a geographic condition and an environment-specific condition related to desalination or water treatment are met."
ZionSiphon is a new malware identified as a threat to Israeli water treatment and desalination systems. It was first detected on June 29, 2025, following the Twelve-Day War. The malware is designed to establish persistence, tamper with configuration files, and scan for operational technology services. It specifically targets certain IPv4 address ranges in Israel and embeds political messages. The malware activates under specific geographic and environmental conditions, probing devices and modifying parameters related to chlorine and pressure controls.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]