Destructive Lotus Wiper Targets Venezuelan Energy Sector Amid Geopolitical Tensions

Severity: High (Score: 77.9)

Sources: www.kaspersky.com, Bleepingcomputer, Securelist, Securityaffairs.Co

Summary

In late 2025 and early 2026, a new data-wiping malware known as Lotus Wiper was identified targeting the energy and utilities sector in Venezuela. The malware was uploaded to a public platform in mid-December 2025 and is believed to be linked to geopolitical tensions in the region, particularly following the capture of Nicolás Maduro on January 3, 2026. The attack method involves two batch scripts that weaken system defenses and prepare the environment for the wiper payload, which completely erases data and recovery options from affected systems. Lotus Wiper operates by overwriting physical drives and systematically deleting files, rendering systems unrecoverable. Kaspersky researchers have analyzed the malware and provided recommendations for monitoring and detection. The attacks have raised concerns about the security of critical infrastructure in Venezuela, particularly the state-owned oil company PDVSA, which suffered a cyberattack around the same time. No financial motives were identified in the malware's design, indicating a politically motivated attack. The situation remains critical as organizations in the sector assess their defenses against such threats.

Key Points

  • Lotus Wiper targets Venezuela's energy sector, erasing data beyond recovery.
  • The malware is linked to geopolitical tensions and was uploaded in December 2025.
  • Kaspersky recommends monitoring for specific precursors to detect similar attacks.

Key Entities

  • Malware (attack_type)
  • United States (country)
  • Venezuela (country)
  • kaspersky.com (domain)
  • Energy (industry)
  • Utilities (industry)
  • HermeticWiper (malware)
  • Lotus (malware)
  • Lotus Wiper (malware)
  • NotPetya (malware)
  • 0b83ce69d16f5ecd00f4642deb3c5895 (md5)
  • b41d0cd22d5b3e3bdb795f81421a11cb (md5)
  • c6d0f67db6a7dbf1f9394d98c1e13670 (md5)
  • T1059.003 - Windows Command Shell (mitre_attack)
  • T1087 - Account Discovery (mitre_attack)
  • T1485 - Data Destruction (mitre_attack)
  • T1490 - Inhibit System Recovery (mitre_attack)
  • T1543.003 - Windows Service (mitre_attack)
  • Active Directory (platform)
  • HCL Domino (platform)
  • Lotus Domino (platform)
  • Windows (platform)
  • Batch Scripts (tool)
  • Diskpart (tool)
  • Fsutil (tool)
  • Ndesign.exe (tool)
  • Nevent.exe (tool)