On April 16, Darktrace released its analysis of ZionSiphon, malware with the intention of disrupting Israeli dam desalination plants, facilities that remove salt and other minerals from salt water and store the fresh water behind a dam. The analysis and subsequent reporting have mistakenly overstated ZionSiphon’s ability to disrupt ICS environments. Dragos analyzed and assessed this sample in March for our customers, and our assessment remains the same. ZionSiphon is a poor attempt at generating OT malware using an LLM. The code is broken and shows little to no knowledge of dam desalination or ICS protocols. It would fail to cause any significant negative consequence in the OT environment, much less set unsafe chlorine levels. ZionSiphon is not a credible threat to dam desalination facilities or any critical infrastructure.
Current reporting accurately notes that ZionSiphon requires only a minor fix to its targeting logic to execute. But, even with that fix, the follow-on code is riddled with logic errors and invalid assumptions and would fail to achieve its intended objective. In other words, the error in targeting logic is only one of many problems. This post avoids specific technical details, as Dragos is not in the business of fixing malware for adversaries. But here’s a summary of the major issues we found in our analysis:
- The geofenced execution and IP address checks are incorrect.
- The checks for dam desalination-related hosts are ineffective. All the Windows process names and directory paths it uses to confirm the infected host is desalination-related are fictional and likely LLM-generated guesses.
- Chlorine manipulation via configuration files and Modbus TCP is ineffective. The configuration file paths are fictional, likely LLM-generated guesses, and the Modbus TCP communication is unrealistic.
- The code to check for Modbus TCP, DNP3, and S7Comm devices is immature at best, incorrect at worst.
- When it comes to standard malware techniques, we found similar maturity issues or logic errors in the USB infection and self-destruct routines.
Making this sample “production-ready” requires far more than a simple code change. The adversary needs to research dam desalination, water treatment, and, more importantly, research the specific victim and desalination process they intend to disrupt. This is easily months of effort and likely requires an intrusion into the victim’s environment to collect the necessary information.
Whether it’s Modbus TCP exploitation tools, in-development OT penetration-testing frameworks, or LLM-generated attempts to create ICS attack tools, Dragos analysts regularly encounter offensive OT samples in malware repositories. Like ZionSiphon, many of them do not work and pose no immediate concern for defenders. Those responsible for protecting water treatment facilities and other critical infrastructure have finite time and attention. Spending either on ZionSiphon means spending less on threat groups like VOLTZITE, which have a demonstrated history of intrusions into those environments and are a far more pressing concern. Defenders are better served focusing on these proven threats, rather than malware that poses no credible threat to their environment.
We avoided an overly technical discussion of how we assess ICS malware to facilitate easier communication. Technically speaking, in our malware framework, we would say ZionSiphon has malicious intent but lacks ICS capability and the ability to cause adverse effects in an OT environment. For this reason, Dragos doesn’t assess ZionSiphon as a credible OT malware threat. More detail on how we determine whether a capability constitutes credible ICS malware can be found in our ICS malware classification framework.
The Dragos 2026 OT/ICS Cybersecurity Year in Review covers VOLTZITE activity, behaviors, attack paths, and includes defensive recommendations. It starts on page 44.
- Learn how Littleton Electric Light and Water Departments remediated a VOLTZITE intrusion
- CISA guidance on water-related intrusions
- Additional CISA resources for water utilities