OT-Focused Malware Highlights Emerging Risk to Water Infrastructure Systems

· Published 28/04/2026 08:11 · Modified 28/04/2026 14:05

Essential information

Tags
2026-04-28 chlorine_dosing desalination dnp3 geographic_filtering ics_targeting modbus process_control removable_media_propagation s7comm water_treatment zionsiphon
Related entities
1 observables, 19 techniques (mitre), 1 malware, 1 others

Description

ZionSiphon is operational technology-focused malware targeting water treatment and desalination facilities in Israel. The sample demonstrates ICS-awareness through industrial protocol interaction capabilities including , with incomplete support for and . It incorporates geographic and environmental validation controls designed to restrict execution to Israeli water infrastructure systems. The malware attempts persistence through registry autorun entries, privilege escalation, and removable media propagation. Functionality includes network discovery of industrial devices, process manipulation targeting chlorine dosing and flow control, and configuration file modification. A critical validation flaw prevents successful execution, suggesting the analyzed sample represents incomplete development or testing. Embedded pro-Iran and anti-Israel messaging indicates politically motivated intent, though no specific threat actor attribution exists.

External references