Destructive Lotus Wiper Targets Venezuelan Energy Sector Amid Geopolitical Tensions

Destructive Lotus Wiper Targets Venezuelan Energy Sector Amid Geopolitical Tensions

First seen 21 Apr 2026, 19:00 UTC SecurelistBleepingcomputerSecurityaffairs.CoThehackernewsGbhackers+4 86% similarity 77.9

Article Content

Browse articles
ThreatCluster

In late 2025 and early 2026, a new data-wiping malware known as Lotus Wiper was identified targeting the energy and utilities sector in Venezuela. The malware was uploaded to a public platform in mid-December 2025 and is believed to be linked to geopolitical tensions in the region, particularly following the capture of Nicolás Maduro on January 3, 2026. The attack method involves two batch scripts that weaken system defenses and prepare the environment for the wiper payload, which completely erases data and recovery options from affected systems. The Lotus Wiper operates by overwriting physical drives and systematically deleting files, rendering systems unrecoverable. Kaspersky researchers have analyzed the malware and provided recommendations for monitoring and detection. The attacks have raised concerns about the security of critical infrastructure in Venezuela, particularly the state-owned oil company PDVSA, which suffered a cyberattack around the same time. No financial motives were identified in the malware's design, indicating a politically motivated attack. The situation remains critical as organizations in the sector assess their defenses against such threats.

Key Points: • Lotus Wiper targets Venezuela's energy sector, erasing data beyond recovery. • The malware is linked to geopolitical tensions and was uploaded in December 2025. • Kaspersky recommends monitoring for specific precursors to detect similar attacks.

ThreatCluster AI

Timeline

2025-12-15
Lotus Wiper malware uploaded to public platform.
2026-01-03
Nicolás Maduro captured amid regional tensions.
2026-04-21
Kaspersky publishes analysis of Lotus Wiper.

Community

Browse all →