Dragos dismisses ZionSiphon narrative, says code flaws and weak ICS logic render OT malware operationally ineffective

Industrial cybersecurity firm Dragos on Thursday pushed back against alarm over ZionSiphon, a piece of malware purportedly designed to sabotage Israeli water desalination facilities. The firm called it a poor attempt at generating OT (operational technology) malware using an LLM (large language model), with code that is broken and shows little to no knowledge of dam desalination or ICS protocols. Dragos said the malware would fail to cause any significant negative consequence in an OT environment and is not a credible threat to dam desalination facilities or any other critical infrastructure. The assessment is a direct rebuttal to Darktrace's analysis, which Dragos says mistakenly overstated ZionSiphon's disruptive potential.

Dragos warned that defenders responsible for protecting water treatment facilities and other critical infrastructure have finite time and attention, and that spending either on ZionSiphon means spending less on proven threat groups like VOLTZITE, which have a demonstrated history of intrusions into those environments.

“ZionSiphon is a poor attempt at generating OT malware using an LLM. The code is broken and shows little to no knowledge of dam desalination or ICS protocols,” Jimmy Wylie, a technical lead malware analyst at Dragos, wrote in a company blog post. “It would fail to cause any significant negative consequence in the OT environment, much less set unsafe chlorine levels. ZionSiphon is not a credible threat to dam desalination facilities or any critical infrastructure.”

He pointed out that current reporting accurately notes that ZionSiphon requires only a minor fix to its targeting logic before it will execute. But even with that fix, the follow-on code is riddled with logic errors and invalid assumptions and would fail to achieve its intended objective. In other words, the targeting-logic error is only one of many problems.

Summarizing the major issues identified in the analysis, Wylie said the malware’s geofenced execution logic and IP address checks are incorrect. The mechanisms used to identify dam or desalination-related hosts are also ineffective, as the Windows process names and directory paths referenced appear fictional and likely generated guesses. 

He added that efforts to manipulate chlorine levels through configuration files and Modbus TCP are similarly flawed, with nonexistent file paths and unrealistic protocol implementation. The code intended to identify Modbus TCP, DNP3, and S7Comm devices shows limited maturity and is, in some cases, incorrect. Even standard malware functions reflect these shortcomings, with both the USB infection method and self-destruct routines exhibiting logic errors or weak implementation.

“Making this sample ‘production-ready’ requires far more than a simple code change,” Wylie detailed. “The adversary needs to research dam desalination, water treatment, and, more importantly, research the specific victim and desalination process they intend to disrupt. This is easily months of effort and likely requires an intrusion into the victim’s environment to collect the necessary information.”

Wylie noted that Dragos analysts regularly encounter offensive OT samples in malware repositories, whether Modbus TCP exploitation tools, in-development OT penetration-testing frameworks, or LLM-generated attempts at creating ICS attack tools.

“Like ZionSiphon, many of them do not work and pose no immediate concern for defenders. Those responsible for protecting water treatment facilities and other critical infrastructure have finite time and attention,” he added. “Spending either on ZionSiphon means spending less on threat groups like VOLTZITE, which have a demonstrated history of intrusions into those environments and are a far more pressing concern. Defenders are better served focusing on these proven threats, rather than malware that poses no credible threat to their environment.”

The post said the company deliberately avoided an overly technical discussion of how it assesses ICS malware, in order to communicate more clearly. “Technically speaking, in our malware framework, we would say ZionSiphon has malicious intent but lacks ICS-capability and the ability for adverse effects on an OT environment. For this reason, Dragos doesn’t assess ZionSiphon as a credible OT malware threat.”
