ZionSiphon Malware Targets Israeli Water Infrastructure for Sabotage

Severity: High (Score: 72.6)

Sources: Gbhackers, Securityaffairs.Co, Darktrace, Bleepingcomputer, Cybersecuritynews

Summary

ZionSiphon is a newly discovered malware designed to target Israeli water treatment and desalination systems. It is capable of manipulating hydraulic pressures and chlorine levels to potentially sabotage operations. The malware contains hardcoded IP ranges specific to Israel and includes political messaging indicating its ideological motivations.

Researchers at Darktrace found a critical flaw in the malware's encryption logic, rendering it currently non-functional but posing a significant threat if future versions are released without this flaw being addressed. The malware's targeting mechanism checks for the presence of water-related software and configuration files, and it has a USB propagation feature to spread to air-gapped systems. Although not operational now, the potential for damage remains high if the flaws are fixed. The malware is still in early development, with only partial functionality in its code.

Key Points

  • ZionSiphon targets Israeli water infrastructure with sabotage capabilities.
  • Current version has a critical flaw preventing execution, but future variants may not.
  • Malware includes ideological messaging and hardcoded IPs specific to Israel.

Key Entities

  • Malware (attack_type)
  • Iran (country)
  • Israel (country)
  • Palestine (country)
  • Yemen (country)
  • 212.150.0.0 (ipv4)
  • 212.150.255.255 (ipv4)
  • 2.55.255.255 (ipv4)
  • 79.176.0.0 (ipv4)
  • 79.191.255.255 (ipv4)
  • ZionSiphon (malware)
  • T1046 - Network Service Discovery (mitre_attack)
  • T1059.001 - PowerShell (mitre_attack)
  • T1091 - Replication Through Removable Media (mitre_attack)
  • T1547.001 - Registry Run Keys / Startup Folder (mitre_attack)
  • Windows (platform)
  • PowerShell (tool)