Reports of a new AI-generated malware targeting Israeli water infrastructure have been dismissed as exaggerated by industrial cybersecurity firm Dragos. The malware, called ZionSiphon, was first identified by AI cybersecurity firm Darktrace, which claimed it was designed to compromise water treatment and desalination plants in Israel.

According to Darktrace, ZionSiphon was configured to sabotage chlorine levels and poison water supplies by targeting operational technology and industrial control system environments. The malware scanned the internet for IP addresses tied to Israeli water facilities and included politically themed messaging in its code, such as “In support of our brothers in Iran, Palestine, and Yemen against Zionist aggression.”

However, a technical lead malware analyst at Dragos, Jimmy Wyles, described the malware as nothing more than “hype.” Wyles argued that ZionSiphon poses no real threat to water plants in Israel or elsewhere due to its numerous flaws.

Wyles highlighted that the malware’s code was broken and demonstrated little to no understanding of operational technology in Israeli water plants. He stated, “The code is broken and shows little to no knowledge of dam desalination or ICS protocols.”

The developers of ZionSiphon appeared to have used AI to generate significant portions of the code, leading to hallucinations and errors. Wyles noted that all Windows-based process names and directory paths designed to confirm water desalination targets were filled with “fictional and likely LLM generated guesses.” Similarly, the configuration files purportedly designed to manipulate chlorine levels were also fake and likely AI-generated.

Darktrace’s analysis confirmed that the malware sample tested was dysfunctional, citing an incorrect configuration in the code’s country targeting functions. Wyles argued that even if the targeting had been configured correctly, the malware would still have been harmless to water treatment plants, because the rest of the code was riddled with “logic errors and invalid assumptions” that rendered it inoperable.

Wyles also pointed out flaws in ZionSiphon’s USB infection and self-destruction capabilities. He stated that Dragos was withholding additional technical analysis of the malware’s flaws because they are “not in the business of fixing malware for adversaries.”

AI-Enabled Threats vs. Established Tactics in Industrial Cybersecurity

The episode underscores an ongoing debate in the cybersecurity community: how much attention defenders—particularly those working with operational technology (OT)—should give to novel threats like AI-enabled hacking versus established tactics used by foreign hacking groups.

Operational technology, which controls machinery in water facilities, power plants, and other industrial sectors, differs significantly from information technology environments. That gap cuts both ways: defenders must secure systems with different protocols, constraints, and failure modes than IT, while attackers often lack the industry-specific knowledge needed to design exploits that actually affect a physical process.

Dragos claims there are fewer than 10 publicly known malware samples capable of threatening industrial control systems. ZionSiphon, according to Dragos, is not one of them.

Source: CyberScoop