Lotus Wiper Attack Targets Venezuelan Energy Firms, Utilities

A Kaspersky Lab analysis details a late‑2025 destructive malware campaign against Venezuela's energy/utilities sector that used two coordinating batch scripts and living‑off‑the‑land techniques to stage and execute a previously unknown wiper named Lotus Wiper; the wiper removes recovery mechanisms, overwrites physical drives, and systematically deletes files, leaving systems unrecoverable. Timing of the samples aligns with reported disruption at PDVSA in December 2025; attribution is not provided. The report highlights the trend of nation‑state style wiper attacks against critical infrastructure and recommends segmentation, immutable backups, remote access security, and rapid detection/response.