Lotus Wiper Malware Targets Venezuelan Energy and Utilities
A coordinated cyberattack leveraging a newly identified wiper malware, named Lotus Wiper, has struck several energy companies and utility providers in Venezuela, according to a report released by Dark Reading. The campaign appears designed to cause maximum disruption by destroying critical data on infected networks.
Security analysts have found that Lotus Wiper employs sophisticated living‑off‑the‑land (LotL) techniques, using native Windows utilities and scripts to execute its destructive payload without requiring additional implants. By abusing legitimate tools such as PowerShell, WMI and the Windows Task Scheduler, the malware evades traditional signature‑based detection and can rapidly overwrite file tables, rendering data unrecoverable.
The attack vector and payload delivery mechanisms remain under investigation, but early forensic evidence suggests the threat actors performed initial reconnaissance using spear‑phishing emails, possibly tailored to the targeted organizations. Once a foothold was established, the wiper propagated laterally across network segments, systematically wiping boot records and shadow copies to prevent recovery.
Researchers have linked the campaign to an advanced persistent threat (APT) group, noting the strategic timing and the focus on energy infrastructure as a likely geopolitical motive. Organizations are advised to enforce least‑privilege access, monitor for anomalous use of native system utilities, and maintain offline backups to mitigate the impact of similar wiper threats. Incident response teams should also incorporate threat intelligence feeds that flag known LotL patterns associated with this activity.
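The LotL behaviours described above (PowerShell, WMI, Task Scheduler abuse and shadow-copy deletion) are what the recommended monitoring has to catch. The following detection logic is an added example written for this article, not code from the report or from any vendor: it runs three defender-side rules over constructed process-creation records (the hosts, parent/child process pairs and command lines are invented) and flags a host only when several distinct LotL patterns appear together, which is what separates a wiper's preparation from routine administration.

```python
import re
from collections import defaultdict
from typing import Dict, List, Set

# Constructed process-creation events in a Sysmon/4688-like shape (not from the report).
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"host": "hmi-01", "parent": "outlook.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -EncodedCommand QQBCAEMA"},
    {"host": "hmi-01", "parent": "powershell.exe", "image": "vssadmin.exe",
     "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"host": "hmi-01", "parent": "powershell.exe", "image": "schtasks.exe",
     "cmdline": "schtasks.exe /create /tn Updater /tr C:\\Windows\\Temp\\u.ps1 /sc minute"},
    {"host": "fs-02", "parent": "services.exe", "image": "svchost.exe",
     "cmdline": "svchost.exe -k netsvcs"},
    {"host": "fs-02", "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe Get-ChildItem C:\\Reports"},  # benign admin use
]

# Rule name -> (parent regex, image regex, command-line regex); all three must match.
RULES = {
    # Shadow copies removed via vssadmin, wmic or the Win32_ShadowCopy WMI class.
    "shadow_copy_deletion": (
        r".*", r"(vssadmin|wmic|powershell)\.exe$",
        r"(delete\s+shadows|shadowcopy\s+delete|Win32_ShadowCopy)"),
    # Task Scheduler driven from a script host rather than an interactive admin.
    "task_created_from_script_host": (
        r"(powershell|wscript|cscript|wmiprvse)\.exe$", r"schtasks\.exe$", r"/create"),
    # PowerShell launched by a mail or Office client with hidden/encoded flags.
    "powershell_from_mail_client": (
        r"(outlook|winword|excel)\.exe$", r"powershell\.exe$",
        r"(-enc\b|-EncodedCommand|-w\s+hidden|-nop\b)"),
}


def matched_rules(event: Dict[str, str]) -> Set[str]:
    """Return the names of every rule this single event satisfies."""
    hits = set()
    for name, (parent_re, image_re, cmd_re) in RULES.items():
        if (re.search(parent_re, event["parent"], re.I)
                and re.search(image_re, event["image"], re.I)
                and re.search(cmd_re, event["cmdline"], re.I)):
            hits.add(name)
    return hits


def flag_hosts(events: List[Dict[str, str]], min_rules: int = 2) -> Dict[str, Set[str]]:
    """Aggregate per host; flag hosts where at least min_rules distinct patterns appear."""
    per_host: Dict[str, Set[str]] = defaultdict(set)
    for ev in events:
        per_host[ev["host"]] |= matched_rules(ev)
    return {host: rules for host, rules in per_host.items() if len(rules) >= min_rules}
```

In a real deployment the same rules would be expressed in the SIEM's query language and correlated over a time window; the per-host threshold keeps a lone `Get-ChildItem` from paging the on-call analyst.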