Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems


What’s new: Researchers have identified a new malware named ZionSiphon, specifically targeting Israeli water treatment and desalination systems. The malware is capable of establishing persistence, tampering with local configuration files, and scanning for operational technology (OT) services. It was first detected on June 29, 2025, following the Twelve-Day War between Iran and Israel. ZionSiphon includes features for privilege escalation, USB propagation, and sabotage of chlorine and pressure controls, indicating a focus on politically motivated attacks against critical infrastructure.

Who’s affected

The malware targets specific IPv4 address ranges associated with Israeli water and desalination infrastructure. Systems within these ranges may be at risk if they meet the malware’s geographic and environmental conditions.

What to do

  • Monitor network traffic for unusual activity, particularly on OT systems related to water treatment and desalination.
  • Implement strict access controls and segmentation for critical infrastructure networks.
  • Regularly update and patch systems to mitigate vulnerabilities that could be exploited by malware.
  • Conduct security assessments to identify and remediate potential weaknesses in operational technology environments.
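
One way to act on the first recommendation against the OT-service scanning described above, as an added example that is not taken from the researchers' report: it flags hosts outside an approved list that contact OT service ports on several distinct endpoints. The port list (Modbus/TCP, DNP3, S7comm), the segment, the allow-list and the flow records are assumptions constructed for illustration; the page does not name the protocols ZionSiphon scans for.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumption: widely used OT service ports; the page does not list any.
OT_PORTS = {502: "Modbus/TCP", 20000: "DNP3", 102: "S7comm"}
# Assumption: hypothetical OT segment and its approved HMI/engineering hosts.
OT_SEGMENT = ip_network("10.20.0.0/24")
ALLOWED_SOURCES = {"10.20.0.5"}


def parse_flows(text):
    """Parse 'src dst dport' lines; blank or malformed rows are skipped."""
    flows = []
    for line in text.splitlines():
        try:
            src, dst, dport = line.split()
            flows.append((src, ip_address(dst), int(dport)))
        except ValueError:  # wrong field count, bad IP, or non-numeric port
            continue
    return flows


def find_ot_scanners(flows, min_targets=3):
    """Return {src: sorted (dst, port) pairs} for non-approved sources that
    reached OT ports on at least `min_targets` distinct endpoints."""
    targets = defaultdict(set)
    for src, dst, dport in flows:
        if dport in OT_PORTS and dst in OT_SEGMENT and src not in ALLOWED_SOURCES:
            targets[src].add((str(dst), dport))
    return {s: sorted(t) for s, t in targets.items() if len(t) >= min_targets}


# Constructed sample flow records (src dst dport), not real telemetry.
SAMPLE = """
10.20.0.5 10.20.0.11 502
10.20.0.5 10.20.0.12 502
10.20.0.5 10.20.0.13 502
10.30.1.44 10.20.0.11 502
10.30.1.44 10.20.0.12 502
10.30.1.44 10.20.0.12 102
10.30.1.44 10.20.0.13 20000
10.30.1.9 10.20.0.11 443
10.30.1.9 10.20.0.11 502
"""

if __name__ == "__main__":
    for src, hits in find_ot_scanners(parse_flows(SAMPLE)).items():
        print(f"{src} probed {len(hits)} OT endpoints: {hits}")
```

The threshold and allow-list need tuning per site: a legitimate historian or HMI polls many controllers and belongs in `ALLOWED_SOURCES`.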

Sources