ZionSiphon malware designed to sabotage water treatment systems

Darktrace identified ZionSiphon, malware purpose-built to sabotage water treatment and desalination facilities by manipulating chlorine levels and hydraulic pressures. The malware currently contains a flawed XOR encryption that renders it non-functional, but a corrected variant could cause severe operational damage. Israeli water infrastructure is the confirmed target, though similar facilities worldwide should assume risk.

CRITICAL | Advisory | Apr 18, 2026
Action required
Immediately inventory all OT/ICS assets in water treatment environments. Hunt for ZionSiphon IOCs and suspicious geolocation checks or file validation logic in network traffic. Isolate any infected systems and escalate to facility operators and CISA.
Affected products
Darktrace