IncreaseChlorineLevel() That function was the core of ZionSiphon - OT malware aimed at Israeli water treatment and desalination plants, detailed in Darktrace's April 16, 2026 analysis. It appended Chlorine_Dose=10, Chlorine_Pump=ON, Chlorine_Flow=MAX, Chlorine_Valve=OPEN, RO_Pressure=80 to target config files, and wrote 100 directly to the Chlorine_Dose Modbus register. Target validation used Base64-obfuscated Israeli IPv4 ranges - 2.52.0.0/14, 79.176.0.0/13, 212.150.0.0/16 - XORed against a key of 5 derived from "Israel". Secondary checks probed for plant names like Mekorot, Sorek, Hadera; processes DesalPLC or ChlorineCtrl; and C:\DesalConfig.ini. Network discovery scanned Modbus on 502, DNP3 on 20000, S7comm on 102. Only Modbus was implemented beyond stubs. It spread via USB by copying itself as a hidden svchost.exe with malicious .lnk shortcuts, persisting in HKCU\Software\Microsoft\Windows\CurrentVersion\Run as SystemHealthCheck. Then the whole operation collapsed on an encoding mismatch. The stored tag for the IP ranges did not match the expected XOR output of "Israel". IsTargetCountry() returned false and the binary self-destructed. Base64 strings decoded from the binary: "In support of our brothers in Iran, Palestine, and Yemen against Zionist aggression. I am '0xICS'" and "Poisoning the population of Tel Aviv and Haifa". One wrong XOR tag kept the poison out of the water supply.

イスラエルの水処理・淡水化インフラを狙うOT（産業用制御機器）マルウェア「ZionSiphon」の解析レポート。国営水道会社や主要淡水化プラント名を検体にハードコードし、産業用通信プロトコル（Modbus・DNP3・S7comm）をスキャンする機能を持ちながらも、標的環境かを判定するXOR暗号の照合ロジックに数学的な矛盾があり、実行前に必ず自己削除バッチの実行処理に進んでしまうとの報告。意図的な無効化・設定不備・未完成状態のいずれかを示唆するとの評価。 【要点】 ・配置文字列にはMekorot（国営水道会社）やSorek・Hadera・Ashdod・Palmachim（主要海水淡水化プラント）、Shafdan（下水処理・再利用施設）が含まれ、DesalPLC・ChlorineCtrl等のプロセス名検索とイスラエルIP範囲のハードコード、および「0xICS」を名乗るBase64エンコード文字列も発見との記載。 ・同報告では、ICSプロトコルスキャン機能はポート502（Modbus）・20000（DNP3）・102（S7comm）の3系統を対象とし、Modbusのみレジスタ読み書き（制御機器のメモリ値を取得・書き換えるコマンド）まで実装済み、DNP3とS7commは断片的なバイト列のみで未完成との指摘。 ・同報告によると、サボタージュ機能IncreaseChlorineLevel()は淡水化関連ファイルを発見するとChlorine_Dose=10・Chlorine_Pump=ON・Chlorine_Flow=MAX・Chlorine_Valve=OPEN・RO_Pressure=80の設定ブロックを追記する構造。永続化はWindowsレジストリの自動起動エントリ（HKCU配下のRunキー）に「SystemHealthCheck」値を作成し、隠し属性付き%LocalAppData%\svchost.exeを指すとの説明。 ・国別検証関数はキー「5」でXOR演算した"Israel"の変換結果が、ハードコード値"Nqvbdk"と一致するかを確かめる設計。しかし同報告によると「この関数で"Israel"を"Nqvbdk"に変換できるXORキーは存在しない」ため照合は必ず失敗し、直後に自己削除バッチ（%TEMP%\delete.bat）が生成・実行されてサボタージュコードには到達しない構造。 ハードコードされた標的名や0xICSの署名と、XORロジック破綻・プロトコル未完成が同居する検体として、同報告はIT/OT横断の可視性と早期異常検知の重要性を指摘しています。 詳細は以下を参照。 darktrace.com/blog/inside-zi…

Keep your security systems running smoothly with ALMA's CCTV maintenance services! We offer: · Scheduled CCTV maintenance visits 🌐 almasecurity.sa #CCTVMaintenance #SecuritySystems #FaultDetection #CameraCleaning #ALMASecurity #HomeSecurity #SystemHealthCheck

So I built SystemHealthCheck so you don't have to guess. One PowerShell command and: -CPU load -Memory usage -Disk space (all drives) -System uptime -Optional HTML export Facts in 5 seconds.

It is not you, it's your computer #riversidecitycollege #rcc #cyberdefense #computerefficiency #taskmanager #techtroubles #laptoplag #optimizeyourdevice #techtuneup #digitalmaintance #performanceboost #systemhealthcheck #effiencyera

Keep @Yardi running at peak performance. Call Assetsoft for a full system check. #Assetsoft #YardiOptimization #SystemHealthCheck #PropTech #YardiExperts #DigitalTransformation #RealEstateTechnology

#Cybersecurity support in #London with full #systemhealthcheck for your network, computers and applications. Remove #viruses, #spyware, #trojans and malware that can harm your system or steal #data. Protect your #computers from #cyberthreats: bit.ly/2DcN9oI @solidrockits

#Cybersecurity support in #London with full #systemhealthcheck for your network, computers and applications. Remove #viruses, #spyware, #trojans and malware that can harm your system or steal #data. Protect your #computers from #cyberthreats: bit.ly/2DcN9oI @solidrockits

#Cybersecurity support in #London with full #systemhealthcheck for your network, computers and applications. Remove #viruses, #spyware, #trojans and malware that can harm your system or steal #data. Protect your #computers from #cyberthreats: bit.ly/2DcN9oI @solidrockits

Happy new year! With a new year, comes new challenges. We’re here to ensure your technology stack isn’t one of them. That’s why we’re offering you a free system health check to kick start your year. formuspro.com/what-we-do/dyn… #SystemHealthCheck #NewYear #Microsoft #Dynamics365

Get more BANG for your buck this bonfire night, with our free one-day health checks! Our software specialists will search your system for errors and missed opportunities, re-igniting your system’s potential: hubs.ly/Q02WXPzx0 #HRTech #PayrollTech #SystemHealthCheck

Are you unhappy or unsure of your current CRM or ERP system performance? Try out our System Health Check and find out if anything could improve, and if so. How. formuspro.com/what-we-do/dyn… #ERP #CRM #SystemHealthCheck #HealthCheck #BusinessApplications

👉 Ready to optimize your operations? Take our IT assessment and receive a FREE 30-minute consultation with one of our experts. 👇👇👇 solitaireconsulting.hubspotp… #solitaireconsulting #ITassessment #changemanagement #fintech #BusinessContinuity #SystemHealthCheck

The strength of your business lies in the reliability of your core systems. Regular system health checks are more than just maintenance—they are a strategic move. Take the survey solitaireconsulting.hubspotp… #solitaireconsulting #BusinessContinuity #SystemHealthCheck

Often we see systems slow down in development over time, pressing on the break instead of the accelerator. A regular 'health check' on your systems could ensure you get the most from the software you use buff.ly/3VeGxxl #SystemHealthCheck #Dynamics365 #Implementation

Post #implementation you can often lose sight of why you started your #DigitalTransformation journey, and things often begin to slow down. Our #SystemHealthCheck is designed to ensure you map out how to keep growing your systems in the future. formuspro.com/what-we-do/dyn…

Are you unhappy or unsure of your current #CRM or #ERP system performance? Try out our Dynamics 365 System Health Check and find out if anything could improve, and if so. How. #SystemHealthCheck #Dynamics365 #Implementation formuspro.com/what-we-do/dyn…

It’s easy to get caught up in the day to day running of your business once you get past the #implementation stage of any project. But how can you keep on track? A #SystemHealthCheck could ensure that you stay on track, and continually evolve #Dynamics365 formuspro.com/what-we-do/dyn…

✔ Secure a System Health Check today: Ensure your technology investments deliver maximum value. Take the survey to find out how to enhance your business operations: 👇👇👇 solitaireconsulting.hubspotp… #solitaireconsulting #healthcheck #BusinessContinuity #SystemHealthCheck

Schedule a health check today and keep your software running smoothly, protecting your business from hidden threats. Leave the request on our website, and we'll provide you with all the details: surl.li/tmavz #IntexSoft #SystemHealthCheck #HealthCheck #SoftwareSafety