Today’s OT, ICS, and IoT security landscape reveals escalating threats targeting critical infrastructure worldwide. From sabotage-capable malware aimed at water treatment systems to advanced botnets exploiting legacy DVRs, organizations must remain vigilant. Additionally, supply chain risks and nation-state activities continue to challenge operational resilience across industrial environments.
ZionSiphon: Sabotage-Capable ICS Malware Targets Israeli Water Infrastructure
Darktrace researchers uncovered ZionSiphon, a malware engineered to manipulate chlorine dosing and hydraulic pressure within Israeli water treatment and desalination systems via industrial protocols including Modbus, DNP3, and S7comm. Although a logic flaw currently inhibits its sabotage payload, a minor code fix could enable critical disruption, highlighting the severity of this threat.
Source: Tech Jacks Solutions / Darktrace Research
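The defensive takeaway from this item is that process manipulation over Modbus arrives as ordinary write requests, so a monitor on the OT network can flag writes to setpoint registers that come from hosts other than the engineering workstations. The script below is an added example and is not code from the article or from Darktrace: the MBAP header layout and the write function codes (0x05, 0x06, 0x0F, 0x10) are taken from the public Modbus/TCP specification, while the engineering-host allowlist, the register range 100 to 120 standing in for a dosing setpoint, and the three sample frames are all constructed for illustration.

```python
"""Flag Modbus/TCP write requests against a PLC from hosts that should not issue them.

Added example, not from the article: header layout and function codes follow the
public Modbus/TCP specification; host allowlist and register ranges are constructed.
"""
import struct
from dataclasses import dataclass

# Function codes that change PLC state (values from the Modbus specification)
WRITE_FUNCTIONS = {
    0x05: "Write Single Coil",
    0x06: "Write Single Register",
    0x0F: "Write Multiple Coils",
    0x10: "Write Multiple Registers",
}

# Constructed site policy: which hosts may write, and which holding-register
# addresses carry process setpoints (e.g. a dosing setpoint) that must not change ad hoc.
ENGINEERING_HOSTS = {"10.0.1.5"}
PROTECTED_REGISTERS = [(100, 120)]   # inclusive start/end, hypothetical layout


@dataclass
class ModbusRequest:
    src: str
    unit_id: int
    function: int
    address: int
    count: int


def parse_modbus_tcp(src: str, frame: bytes) -> ModbusRequest:
    """Parse one Modbus/TCP request: 7-byte MBAP header followed by the PDU."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    _tid, proto, length, unit_id = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol identifier is not Modbus (0)")
    # MBAP length counts the unit id plus the PDU, i.e. everything after byte 6
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    function = frame[7]
    body = frame[8:]
    if function in (0x0F, 0x10):          # multi-write: start address + quantity
        address, count = struct.unpack(">HH", body[:4])
    elif len(body) >= 2:                  # single write and common reads: start address
        (address,) = struct.unpack(">H", body[:2])
        count = 1
    else:
        address, count = 0, 0
    return ModbusRequest(src, unit_id, function, address, count)


def touches_protected(req: ModbusRequest) -> bool:
    """True if the request's address span overlaps any protected register range."""
    last = req.address + max(req.count, 1) - 1
    return any(req.address <= end and last >= start for start, end in PROTECTED_REGISTERS)


def evaluate(req: ModbusRequest) -> list:
    """Return (severity, message) findings for one request; an empty list means benign."""
    findings = []
    if req.function not in WRITE_FUNCTIONS:
        return findings                    # reads do not change process state
    name = WRITE_FUNCTIONS[req.function]
    if req.src not in ENGINEERING_HOSTS:
        findings.append(("high", f"{req.src} issued {name} to unit {req.unit_id} "
                                 f"addr {req.address} but is not an engineering host"))
    elif touches_protected(req):
        findings.append(("medium", f"{req.src} wrote protected setpoint range at "
                                   f"addr {req.address} (count {req.count}); verify change record"))
    return findings


def build_frame(tid: int, unit_id: int, function: int, body: bytes) -> bytes:
    """Assemble a Modbus/TCP frame; used here only to construct sample traffic."""
    pdu = bytes([function]) + body
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit_id) + pdu


# Constructed sample traffic: a benign read, a write from an unknown host to the
# setpoint register, and a multi-register write from the engineering host into the range.
SAMPLE_TRAFFIC = [
    ("10.0.1.5",  build_frame(1, 1, 0x03, struct.pack(">HH", 0, 10))),
    ("10.0.9.77", build_frame(2, 1, 0x06, struct.pack(">HH", 100, 500))),
    ("10.0.1.5",  build_frame(3, 1, 0x10, struct.pack(">HHB", 110, 2, 4) + b"\x00\x01\x00\x02")),
]


def scan(traffic) -> list:
    """Parse and evaluate every (source, frame) pair, returning all findings in order."""
    findings = []
    for src, frame in traffic:
        findings.extend(evaluate(parse_modbus_tcp(src, frame)))
    return findings


if __name__ == "__main__":
    for severity, msg in scan(SAMPLE_TRAFFIC):
        print(f"[{severity}] {msg}")
```

In a deployment the frames would come from a SPAN port or a passive tap rather than a list, and the allowlist and protected ranges would be loaded from the site's asset inventory; the length check on the MBAP header is deliberate, since a malformed frame should raise rather than be silently skipped.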
Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet
Threat actors are deploying the Nexcorium Mirai variant by exploiting a command injection vulnerability (CVE-2024-3721) in TBK DVR models, leveraging brute-force Telnet attacks and XOR-encoded configurations. The malware also targets end-of-life TP-Link routers and employs self-deletion tactics post-infection to evade detection, enabling large-scale multi-architecture DDoS operations.
Source: The Hacker News
CISA Confirms Active Exploitation of Apache ActiveMQ RCE Vulnerability (CVE-2026-34197)
CISA has added CVE-2026-34197 to its Known Exploited Vulnerabilities catalog after confirming active exploitation. This flaw allows unauthenticated attackers to execute arbitrary OS commands on Apache ActiveMQ Classic brokers via the Jolokia JMX-HTTP API in affected versions, posing significant risks to critical business and industrial process middleware.
Source: Integrity360 / CISA KEV
Iranian Threat Actors (Cyber Av3ngers) Target Rockwell Automation OT/ICS Equipment
Palo Alto Networks Unit 42 identified a new threat cluster, Cyber Av3ngers, targeting Rockwell Automation OT/ICS assets including FactoryTalk and Allen-Bradley PLCs. With over 5,600 exposed SCADA devices globally and renewed Iranian internet connectivity, this activity underscores heightened risks to industrial control systems amid geopolitical tensions.
Source: Palo Alto Networks Unit 42
Chinese Cellular Modules Pose Growing Security Risk Across US Critical Infrastructure
A Foundation for Defense of Democracies report warns that Chinese cellular modules from Quectel and Fibocom, embedded widely in US infrastructure, present increasing national security concerns. Their remote firmware update capabilities could be exploited for espionage or sabotage, prompting calls for procurement restrictions and federal audits amid a booming IoT device market.
Source: Industrial Cyber / Foundation for Defense of Democracies
Maintaining robust security across OT, ICS, and IoT environments requires continuous monitoring and proactive mitigation strategies as threat actors evolve their tactics. Stay informed and prioritize timely patching, network segmentation, and supply chain scrutiny to safeguard critical operations.