ZionSiphon OT sabotage malware targeting water treatment and desalination systems

Malware Activity
Happening score
H score 19
2 unique sources, 2 articles

Summary

The ZionSiphon malware has been identified as a new OT-focused threat that could sabotage water treatment and desalination systems by altering chlorine levels and hydraulic pressures. Its targeting logic checks for Israeli IP ranges and water/OT software artifacts, indicating a focus on Israel. The current build is not operational because a broken XOR-based validation step triggers self-destruction instead of payload execution. Even so, the malware includes USB propagation through a hidden `svchost.exe` copy and malicious shortcuts, and it shows partial support for Modbus, DNP3, and S7comm.

Timeline

  1. 17.04.2026 01:04 2 articles · 1mo ago

    Darktrace analyzes ZionSiphon OT sabotage malware

    Technical Analysis Update

    Darktrace analyzed ZionSiphon, an OT-focused malware targeting water treatment and desalination environments, with IP checks and embedded strings suggesting Israeli targets. The sample currently fails validation because of an XOR mismatch that triggers self-destruction instead of payload execution, but it already includes configuration tampering to raise chlorine levels and RO pressure, partial Modbus support, and USB propagation via hidden `svchost.exe` copies and malicious shortcut files.
