Security News

Cybersecurity news aggregator

CRITICAL News SC Media

Threat of ZionSiphon malware downplayed

The article primarily discusses the ZionSiphon malware, which targets ICS/SCADA systems in water facilities with the aim of disrupting chlorine levels, but analysts from Dragos and Darktrace downplay its immediate threat due to broken, likely AI-generated code that renders it dysfunctional. The article also mentions a separate, successful attack using the FIRESTARTER malware via Cisco ASA vulnerabilities CVE-2025-20333 (CVSS 9.9 CRITICAL) and CVE-2025-20362 (CVSS 6.5 MEDIUM). Affected Cisco ASA software versions include 9.12 through <9.12.4.72, 9.14 through <9.14.4.28, 9.16 through <9.16.4.85, and others as listed in the NVD data; the fixed versions for these branches are 9.12.4.72, 9.14.4.28, and 9.16.4.85 respectively.

April 24, 2026
By SC Staff

Dragos technical lead malware analyst Jimmy Wylie said threat groups that had launched intrusions targeting critical infrastructure, such as water treatment facilities, are more concerning than the recently reported ZionSiphon malware targeting Israeli water facilities, reports CyberScoop.

Media outlets and threat intelligence firms have hyped the dangers of ZionSiphon, which targets industrial control systems and operational technology environments and aims to poison water supplies and disrupt chlorine levels, even though the malware posed no threat to water plants in Israel or elsewhere, according to Wylie, who emphasized the need to prioritize more tangible threats. "The code is broken and shows little to no knowledge of dam desalination or ICS protocols," Wylie wrote.

Researchers at Darktrace, the firm that first discovered the malware, noted that the sample appeared to have an incorrect configuration and is dysfunctional. AI appeared to have been used to generate most of the code, which led to errors and fake configuration files for chlorine manipulation.

Related

CISA: Malware attack compromises US agency via Cisco exploit
Malware | SC Staff | April 24, 2026
Attacks weaponizing the Cisco Adaptive Security Appliance vulnerabilities, tracked as CVE-2025-20333 and CVE-2025-20362, were reported by the Cybersecurity and Infrastructure Security Agency to have successfully compromised a federal civilian executive branch agency with the FIRESTARTER malware in September, according to The Record, a news site by cybersecurity firm Recorded Future.

GopherWhisper: China-linked hackers target governments with custom Go toolkit
Data Security | SC Staff | April 24, 2026
ESET research revealed GopherWhisper's tactics, which include deploying multiple Go-based backdoors like LaxGopher and RatGopher, along with a C++ backdoor named SSLORDoor.

Mustang Panda expands cyber espionage to India's financial sector and South Korean politics
Malware | SC Staff | April 23, 2026
China-linked hacking group Mustang Panda has broadened its cyber espionage operations, now targeting India's financial sector and political circles in South Korea.
