Lotus Wiper Malware Attacks Venezuelan Energy Systems

Cybersecurity researchers have discovered a novel malware known as Lotus Wiper. This malware has been deployed in a destructive campaign targeting the energy and utility sector in Venezuela. The attacks occurred in late 2025 and early 2026, as analysis by Kaspersky reveals. Lotus Wiper is an undocumented data wiper specifically designed to delete critical data and render systems inoperable. The malware utilizes two batch scripts that are responsible for initiating the attack.

These scripts are designed to significantly compromise the data integrity of the affected systems. The attacks on Venezuelan energy systems have already led to substantial disruptions in power supply. Reports indicate that several power plants and utility companies have been affected, resulting in an increase in power outages across various regions of the country. The exact impact on the infrastructure is not yet fully assessed. Kaspersky's security researchers have noted that Lotus Wiper has been used in a series of attacks targeting vulnerabilities in the IT systems of energy providers.

These attacks are part of a broader strategy aimed at undermining the stability of Venezuela's energy supply. The malware has been programmed to spread rapidly while infiltrating the systems of targeted organizations. Researchers have also found that Lotus Wiper is capable of embedding itself within existing networks, complicating detection and defense efforts. The attackers employ sophisticated techniques to cover their tracks. The Venezuelan government has responded to the attacks by enhancing security measures and instructing affected companies to review their systems.

However, experts warn that the threat posed by Lotus Wiper remains and that further attacks are likely if effective countermeasures are not implemented. The discovery of Lotus Wiper raises questions about cybersecurity in critical infrastructures. The incidents in Venezuela are not isolated but part of a global trend where cyberattacks on energy providers are increasing. Security analysts emphasize the need to improve security protocols in these sectors to fend off future attacks. The exact origin of the Lotus Wiper malware is still unclear.

Researchers suspect, however, that it was developed by an organized group with extensive resources and expertise. The complexity of the malware suggests it originates from actors with advanced capabilities in cybercrime. The incidents in Venezuela serve as an alarming example of the vulnerability of critical infrastructures to cyberattacks. According to Kaspersky, such attacks have increased by 23% in recent years, underscoring the urgency to strengthen security measures in this area.