As detailed in Security Affairs, a newly discovered malware named ZionSiphon has been identified, specifically designed to target operational technology (OT) environments within water treatment and desalination facilities. The malware's primary objective is to disrupt critical infrastructure by manipulating hydraulic pressure and increasing chlorine levels to dangerous concentrations.

ZionSiphon employs a combination of common cyberattack techniques, including privilege escalation, persistence mechanisms, and propagation via removable media, according to a report by Darktrace. It is tailored for OT systems, scanning networks for specific services and modifying configurations. The malware exhibits a clear focus on Israeli targets, indicated by hardcoded IP address ranges within its code. Analysis reveals political messaging, suggesting ideological motivations behind the attack. The malware attempts to gain administrative rights, establish persistence by mimicking system processes, and spread through USB drives. It scans for and attempts to interact with OT devices using protocols like Modbus, DNP3, and S7, with the Modbus logic appearing more developed.

Despite its sophisticated design and clear intent to disrupt critical water infrastructure, the current version of ZionSiphon appears to be non-operational due to a flaw in its targeting logic. This oversight causes the malware to self-destruct before executing its payload. However, the existence of ZionSiphon highlights a concerning trend of threat actors developing and experimenting with OT-specific malware.

Source: Security Affairs
