Verticals Targeted: Water, Critical Infrastructure
Regions Targeted: Israel
ZionSiphon is an OT-focused malware sample designed to identify and interact with water treatment and desalination environments. It was used to target water treatment systems in Israel. Although the analyzed version appears partially non-functional, it demonstrates ICS-aware targeting, industrial protocol interaction, and politically motivated intent. The sample provides insight into evolving adversary interest in manipulating systems that underpin critical infrastructure operations.
Verticals Targeted: Government, Telecommunications, Finance, Aerospace
Regions Targeted: North America, South America, Africa, Europe, Asia
Related Families: Diaoyu Loader, ShadowGuard, Cobalt Strike, VShell
Executive Summary
A sophisticated state-aligned cyberespionage operation attributed to TGR-STA-1030 (also tracked as UNC6619) has been discovered, operating from Asia. It has compromised government and critical infrastructure entities across 37 countries over the past year while conducting reconnaissance against government infrastructure in 155 countries. The group's “Shadow Campaigns” leverage phishing, N-day exploitations, and advanced tooling to prioritize intelligence collection on economic partnerships, trade, and diplomatic activities.
Related Families: Cobalt Strike
Executive Summary
Geacon is a Cobalt Strike adaptation developed to target MacOS. Geacon versions are available to target both Apple silicon and Intel architectures.
Executive Summary
Cisco Talos recently reported on a campaign leveraging Manjusaka, a new attack framework being used in the wild that is advertised as an alternative to Cobalt Strike or Sliver.
