The PolySwarm Blog

Verticals Targeted: Water, Critical Infrastructure
Regions Targeted: Israel

Executive Summary

ZionSiphon is an OT-focused malware sample designed to identify and interact with water treatment and desalination environments. It was used to target water treatment systems in Israel. Although the analyzed version appears partially non-functional, it demonstrates ICS-aware targeting, industrial protocol interaction, and politically motivated intent. The sample provides insight into evolving adversary interest in manipulating systems that underpin critical infrastructure operations.

Verticals Targeted: Food & Beverage
Regions Targeted: Southeast Asia
Related Families: Inc

Verticals Targeted: Not specified
Regions Targeted: Not specified
Related Families: BluelineStealer, ChromElevator

Verticals Targeted: Financial, Cryptocurrency
Regions Targeted: Austria, Global
Related Families: None

Verticals Targeted: Financial
Regions Targeted: Asia
Related Families: Fog Ransomware

Executive Summary

AdaptixC2, an open-source command-and-control framework, has emerged as a potent tool for threat actors, enabling file manipulation, data exfiltration, and covert network communication in attacks. Its modular design and AI-assisted deployment methods underscore the need for robust defenses to counter its evolving tactics.

Verticals Targeted: Not specified 
Regions Targeted: US
Related Families: CastleLoader

Verticals Targeted: Not specified
Regions Targeted: Not specified
Related Families: AHK Bot, Skitnet/Bossnet

Verticals Targeted: Public Sector, Aviation
Regions Targeted: Middle East
Related Families: None

Executive Summary

Charon is a new ransomware family employing advanced APT-style techniques, targeting Middle Eastern public sector and aviation organizations with tailored ransom demands. Its sophisticated attack chain, including DLL sideloading and process injection, underscores the growing convergence of ransomware and APT tactics.