ZionSiphon malware designed to sabotage water treatment systems
A new malware called ZionSiphon, specifically designed for operational technology, is targeting water treatment and desalination environments to sabotage their operations. [...]
Operational Technology controls physical processes, so cyber risks can disrupt safety, reliability, and availability across connected industrial systems.
Search across headline titles and summaries.
Background for this topic.
Operational technology (OT) comprises hardware and software that monitor and control physical processes—such as PLCs, RTUs, HMIs, SCADA, and DCS—in manufacturing, utilities, transport, and buildings. Its assets include controllers, sensors, actuators, engineering workstations, and the networks linking them. OT depends on precise timing, reliable communications, and safe states; outages or incorrect commands can stop production or affect physical safety, even when little sensitive data is involved.
Security concerns arise where OT connects to enterprise networks, vendor remote-access paths, or internet-facing services. Legacy protocols and long-lived devices may lack authentication, encryption, logging, or practical patching options. A compromise could alter setpoints, inhibit alarms, or disrupt availability, but impact depends on process design and safeguards. Defenders typically segment control networks, restrict and monitor remote access, maintain asset and dependency inventories, use passive monitoring where active scanning is risky, and test recovery and safe manual operation. Vulnerability management must account for maintenance windows, vendor support, and safety validation rather than treating every patch like IT.
Weekly headline count for the current query.
A new malware called ZionSiphon, specifically designed for operational technology, is targeting water treatment and desalination environments to sabotage their operations. [...]
OT environments rely on aging systems, shared accounts, and remote access, making weak or reused passwords a major attack vector. Specops Software explains how stronger password policies and continuous checks for compromised credentials help secure critical OT infrastructure. [...]
Iranian threat actors are utilizing a new malware named IOCONTROL to compromise Internet of Things (IoT) devices and OT/SCADA systems used by critical infrastructure in Israel and the United States. [...]
The US government is warning that pro-Russian hacktivists are seeking out and hacking into unsecured operational technology (OT) systems used to disrupt critical infrastructure operations. [...]
A set of 21 newly discovered vulnerabilities impact Sierra OT/IoT routers and threaten critical infrastructure with remote code execution, unauthorized access, cross-site scripting, authentication bypass, and denial of service attacks. [...]
A security report has been published on a set of 56 vulnerabilities that are collectively called Icefall and affect operational technology (OT) equipment used in various critical infrastructure environments. [...]
Pwn2Own Miami 2022 has ended with competitors earning $400,000 for 26 zero-day exploits (and several bug collisions) targeting ICS and SCADA products demoed during the contest between April 19 and April 21. [...]
A joint cybersecurity advisory issued by CISA, NSA, FBI, and the Department of Energy (DOE) warns of government-backed hacking groups being able to hijack multiple industrial control system (ICS) and supervisory control and data acquisition (SCADA) devices. [...]