ZionSiphon Malware Targets ICS in Water Facilities


Researchers at Darktrace have discovered a new malware strain named ZionSiphon, which appears to target water treatment and desalination plants in Israel. 

ZionSiphon has many capabilities typically seen in commodity malware, but it caught analysts’ attention due to functionality aimed at operational technology (OT), specifically industrial control systems (ICS).

Strings in the analyzed malware sample indicate that ZionSiphon has been developed by anti-Israel hackers, and one encoded string decodes to “Poisoning the population of Tel Aviv and Haifa”.

There are several other indicators that Israel is the malware’s main target, including strings naming water facilities in the country.

In addition, once it verifies that it’s running with admin privileges and establishes persistence, the malware executes a function to fetch the local IP address and determine whether the compromised host is located in Israel.

If the IP is associated with Israel, ZionSiphon checks the system for processes and folders ...


Copyright of this story solely belongs to SecurityWeek.