VulnHub

Real-time Cybersecurity News

Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack

The Hacker News
Actively Exploited
MalwareCriticalKaspersky

Overview

Researchers have identified a new type of malware known as Lotus Wiper, which has been used in attacks against Venezuela's energy systems. This malware, discovered by Kaspersky, has been particularly destructive, targeting the energy and utilities sector from late last year into early 2026. The attacks utilize two batch scripts to execute the file-wiping functionality, leading to significant data loss and disruption in the affected systems. This incident is concerning as it highlights the vulnerabilities in critical infrastructure, which can have serious implications for national security and public services. With the energy sector being a vital component of any country's operations, such attacks could hinder essential services and impact everyday life.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Venezuelan energy systems, utilities sector
  • Timeline: Newly disclosed

Original Article Summary

Cybersecurity researchers have discovered a previously undocumented data wiper that has been used in attacks targeting Venezuela at the end of last year and the start of 2026. Dubbed Lotus Wiper, the novel file wiper has been used in a destructive campaign targeting the energy and utilities sector in Venezuela, per findings from Kaspersky. "Two batch scripts are responsible for initiating the

Impact

Venezuelan energy systems, utilities sector

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Not specified

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Malware, Critical, Kaspersky.

Read Original Article

Related Coverage

Surge in Silent Subject Phishing Attacks Targets VIP Users

Infosecurity Magazine

Recent reports indicate a rise in silent subject phishing attacks specifically targeting VIP users. These attacks manage to evade traditional email filters by using blank subject lines, making them harder to detect. Attackers are employing QR codes and remote monitoring management (RMM) tools to carry out these schemes. The focus on high-profile individuals means that the potential for financial loss or data breaches is significant. As this trend grows, it is crucial for organizations to enhance their email security measures and educate users on recognizing suspicious communications.

Apr 22, 2026

Most Serious Cyberattacks Against the UK Now From Russia, Iran and China, Cyber Chief Says

SecurityWeek

The UK's cybersecurity chief has warned that British businesses must brace for potential cyberattacks from Russia, Iran, and China, especially if the country becomes involved in an international conflict. These nations are identified as the primary sources of serious cyber threats against the UK. The official emphasized the need for businesses to enhance their defenses to avoid being targeted at scale, which could disrupt operations and compromise sensitive data. This warning comes amid growing tensions globally, suggesting that the risk of cyberattacks may escalate as geopolitical situations evolve. Companies are urged to take proactive measures to safeguard their systems and data against these heightened threats.

Apr 22, 2026

New Wiper Malware Targeted Venezuelan Energy Sector Prior to US Intervention

SecurityWeek

A new malware strain known as Lotus Wiper has been identified targeting the Venezuelan energy sector. This malicious software is designed to disrupt recovery systems by overwriting drives and systematically deleting files, posing a significant threat to the infrastructure of the energy industry. The timing of this attack is particularly notable as it occurred just before a U.S. intervention in Venezuela, raising concerns about the geopolitical implications of cyberattacks in sensitive sectors. Energy companies in Venezuela should be particularly vigilant and assess their cybersecurity measures to protect against such destructive malware. The incident underscores the persistent risk that state-sponsored or politically motivated cyberattacks pose to critical infrastructure.

Apr 22, 2026

Mirai Botnet Targets Flaw in Discontinued D-Link Routers

SecurityWeek

The Mirai botnet is exploiting a command injection vulnerability found in certain discontinued D-Link routers. This issue emerged about a year after the vulnerability was publicly disclosed and proof-of-concept exploit code was released. Users of these routers are at risk, as the botnet can take control of the devices, potentially turning them into part of a larger network for launching attacks. The fact that these routers are no longer supported by D-Link means that affected users will not receive any official security updates or patches, leaving them vulnerable. It's crucial for individuals and organizations still using these routers to take immediate action to secure their networks, as the exploitation is ongoing.

Apr 22, 2026

Claude Mythos Finds 271 Firefox Vulnerabilities

SecurityWeek

A recent analysis by Claude Mythos has uncovered 271 vulnerabilities in the Firefox web browser. Mozilla has stated that these vulnerabilities could also have been identified by skilled human researchers, indicating a significant level of concern regarding the browser's security. Users of Firefox should be aware of these vulnerabilities, as they could potentially expose them to various cyber threats. The sheer number of flaws raises questions about the effectiveness of current security measures in place for the browser. Mozilla has yet to release specific details about fixes or patches to address these issues, making it critical for users to stay updated on future developments.

Apr 22, 2026

North Korean Hackers Use AppleScript, ClickFix in Fresh macOS Attacks

SecurityWeek

Recent cyberattacks attributed to North Korean hackers have targeted financial organizations, particularly those involved in cryptocurrency, venture capital, and blockchain. These attacks utilize AppleScript and a tool called ClickFix to exploit vulnerabilities in macOS systems. The campaigns aim to compromise the security of these entities, which are often seen as lucrative targets due to the significant amounts of money involved in digital currencies and investments. This shift in tactics marks a concerning trend in how threat actors approach financial institutions, making it crucial for companies in these sectors to strengthen their cybersecurity measures.

Apr 22, 2026