
"ZionSiphon has many capabilities typically seen in commodity malware, but it caught analysts' attention due to functionality aimed at operational technology (OT), specifically industrial control systems (ICS)."
"Once it verifies that it's running with admin privileges and establishes persistence, the malware executes a function to fetch the local IP address and determine whether the compromised host is located in Israel."
"If these conditions are met, the malware looks for local configuration files associated with water treatment processes and attempts to alter them to increase chlorine doses and pressure."
"The payload only activates if the country is Israel and the system is associated with a water treatment plant. If these conditions are not met, the malware deletes itself from the device."
ZionSiphon is a malware strain targeting water treatment and desalination plants in Israel, developed by anti-Israel hackers. It verifies admin privileges and checks the local IP address to confirm whether the compromised host is in Israel. The malware scans for processes linked to water treatment and attempts to alter configuration files to increase chlorine doses and pressure. It can also spread via USB drives, and it activates only if specific conditions related to Israel and water facilities are met.
Read at SecurityWeek