VulnHub

Real-time Cybersecurity News

Venezuela energy sector targeted by highly destructive Lotus wiper

Security Affairs
Actively Exploited
MalwareCriticalKaspersky

Overview

In a significant cyberattack, the Lotus Wiper malware targeted Venezuela's energy sector, causing extensive damage to critical infrastructure. Researchers from Kaspersky reported that attackers first executed batch scripts to disable security measures and prepare the systems for the wiper's deployment. Once the environment was compromised, the wiper erased all data, making recovery impossible. This assault on the energy and utilities sector comes amid rising regional tensions, highlighting vulnerabilities in critical infrastructure. The incident raises concerns about the potential for similar attacks in other regions, emphasizing the need for enhanced cybersecurity measures in vital sectors.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Venezuelan energy systems, utilities sector
  • Action Required: Strengthening cybersecurity defenses, implementing regular data backups, and monitoring systems for unusual activity.
  • Timeline: Ongoing since 2025

Original Article Summary

Lotus Wiper hit Venezuelan energy systems, used scripts to disable defenses, then erased all data beyond recovery. Kaspersky researchers found Lotus Wiper targeting Venezuela’s energy and utilities sector amid regional tensions in 2025–2026. Attackers first used batch scripts to weaken systems, disable defenses, and prepare the environment. Then they deployed the wiper, which erased recovery […]

Impact

Venezuelan energy systems, utilities sector

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Ongoing since 2025

Remediation

Strengthening cybersecurity defenses, implementing regular data backups, and monitoring systems for unusual activity.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Malware, Critical, Kaspersky.

Read Original Article

Related Coverage

Mirai Botnet Targets Flaw in Discontinued D-Link Routers

SecurityWeek

The Mirai botnet is exploiting a command injection vulnerability found in certain discontinued D-Link routers. This issue emerged about a year after the vulnerability was publicly disclosed and proof-of-concept exploit code was released. Users of these routers are at risk, as the botnet can take control of the devices, potentially turning them into part of a larger network for launching attacks. The fact that these routers are no longer supported by D-Link means that affected users will not receive any official security updates or patches, leaving them vulnerable. It's crucial for individuals and organizations still using these routers to take immediate action to secure their networks, as the exploitation is ongoing.

Apr 22, 2026

Claude Mythos Finds 271 Firefox Vulnerabilities

SecurityWeek

A recent analysis by Claude Mythos has uncovered 271 vulnerabilities in the Firefox web browser. Mozilla has stated that these vulnerabilities could also have been identified by skilled human researchers, indicating a significant level of concern regarding the browser's security. Users of Firefox should be aware of these vulnerabilities, as they could potentially expose them to various cyber threats. The sheer number of flaws raises questions about the effectiveness of current security measures in place for the browser. Mozilla has yet to release specific details about fixes or patches to address these issues, making it critical for users to stay updated on future developments.

Apr 22, 2026

Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack

The Hacker News

Researchers have identified a new type of malware known as Lotus Wiper, which has been used in attacks against Venezuela's energy systems. This malware, discovered by Kaspersky, has been particularly destructive, targeting the energy and utilities sector from late last year into early 2026. The attacks utilize two batch scripts to execute the file-wiping functionality, leading to significant data loss and disruption in the affected systems. This incident is concerning as it highlights the vulnerabilities in critical infrastructure, which can have serious implications for national security and public services. With the energy sector being a vital component of any country's operations, such attacks could hinder essential services and impact everyday life.

Apr 22, 2026

North Korean Hackers Use AppleScript, ClickFix in Fresh macOS Attacks

SecurityWeek

Recent cyberattacks attributed to North Korean hackers have targeted financial organizations, particularly those involved in cryptocurrency, venture capital, and blockchain. These attacks utilize AppleScript and a tool called ClickFix to exploit vulnerabilities in macOS systems. The campaigns aim to compromise the security of these entities, which are often seen as lucrative targets due to the significant amounts of money involved in digital currencies and investments. This shift in tactics marks a concerning trend in how threat actors approach financial institutions, making it crucial for companies in these sectors to strengthen their cybersecurity measures.

Apr 22, 2026

Researchers Uncover ProxySmart Software Powering 90+ SIM Farms

Infosecurity Magazine

Researchers from Infrawatch have identified the ProxySmart platform as a key enabler for more than 90 SIM farms, which are operations that use many SIM cards to perform automated tasks like sending spam or engaging in fraudulent activities. The ProxySmart software allows these SIM farms to operate at an 'industrial scale,' raising concerns about the potential for widespread abuse, particularly in the realms of online fraud and bot activity. This discovery is significant as it shows how easily accessible tools can facilitate large-scale cybercriminal operations, impacting businesses and consumers alike. As SIM farms can bypass traditional security measures, this poses a challenge for telecommunications companies and law enforcement trying to combat fraud and maintain network integrity.

Apr 22, 2026

The AI era demands a different kind of CISO

CyberScoop

The article discusses the evolving role of Chief Information Security Officers (CISOs) in the context of rapidly advancing AI technologies. With attackers now able to exploit vulnerabilities within minutes, traditional security audits are becoming outdated. CISOs are urged to move towards real-time monitoring and awareness to keep pace with these threats. This shift is crucial as organizations face increasing risks from sophisticated cyber attacks that can bypass static defenses. The call for change emphasizes the need for CISOs to adapt their strategies to ensure better protection for their organizations.

Apr 22, 2026