{"id":234534,"date":"2026-04-22T06:55:00","date_gmt":"2026-04-22T10:55:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/04\/22\/lotus-wiper-malware-targets-venezuelan-energy-systems-in-destructive-attack\/"},"modified":"2026-04-22T23:15:10","modified_gmt":"2026-04-23T03:15:10","slug":"lotus-wiper-malware-targets-venezuelan-energy-systems-in-destructive-attack","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/04\/22\/lotus-wiper-malware-targets-venezuelan-energy-systems-in-destructive-attack\/","title":{"rendered":"Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/04\/lotus-wiper-malware-targets-venezuelan.html\">Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/04\/lotus-wiper-malware-targets-venezuelan.html\">https:\/\/thehackernews.com\/2026\/04\/lotus-wiper-malware-targets-venezuelan.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-04-22 06:55:00<\/a><\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p><span class=\"p-author\">\ue804<span class=\"author\">Ravie Lakshmanan<\/span>\ue802<span class=\"author\">Apr 22, 2026<\/span><\/span><span class=\"p-tags\">Malware \/ Critical Infrastructure<\/span><\/p>\n<p>Cybersecurity researchers have discovered a previously undocumented data wiper that has been used in attacks targeting Venezuela at the end of last year and the start of 2026.<\/p>\n<p>Dubbed <strong>Lotus Wiper<\/strong>, the novel file wiper has been used in a destructive campaign targeting the energy and utilities sector in Venezuela, per findings from Kaspersky.<\/p>\n<p>&#8220;Two batch scripts are responsible for initiating the destructive phase of the attack and preparing the environment for executing the final wiper payload,&#8221; the Russian cybersecurity vendor said. &#8220;These scripts coordinate the start of the operation across the network, weaken system defenses, and disrupt normal operations before retrieving, deobfuscating, and executing a previously unknown wiper.&#8221;<\/p>\n<p>Once deployed, the wiper erases recovery mechanisms, overwrites the content of physical drives, and systematically deletes files across affected volumes, effectively leaving the system in an inoperable state.<\/p>\n<p>No extortion or payment instructions are baked into the artifact, indicating that the aggressive wiper activity is not motivated by financial gain. It&#8217;s worth noting that the wiper was uploaded to a publicly available platform in mid-December 2025 from a machine in Venezuela, weeks before the U.S. military action in the country in early January 2026. The sample was compiled in late September 2025.<\/p>\n<p>It&#8217;s currently not known if these two events are related, but Kaspersky noted that the sample was uploaded &#8220;during a period of increased public reports of malware activity targeting the same sector and region,&#8221; suggesting the wiper attack is extremely targeted in nature.<\/p>\n<p>The attack chain begins with a batch script that triggers a multi-stage sequence responsible for dropping the wiper payload. Specifically, it attempts to stop the Windows Interactive Services Detection (UI0Detect) service, which is used to alert users when a background service running in Session 0&#8230;<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/04\/lotus-wiper-malware-targets-venezuelan.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack https:\/\/thehackernews.com\/2026\/04\/lotus-wiper-malware-targets-venezuelan.html Publish Date: 2026-04-22 06:55:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":234535,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhANfDCr_4asg41Zj98h_tyRYig7XZGWHyCgPXHcVUvax_31CDUNrmrUp9rBFZK0u0Ai97i5pUlapu4ePRoBQAzvxt-KX3u80dTOjzyPPOOGzuCUmBZgaczzHisujoEXmfO08HtxqTbkAYBRI7JdBKffmATJHHM4uDe2RDsPyC11CkgenulBnQ7ZhyH8m-t\/s1600\/wiper-malware.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,32],"class_list":["post-234534","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-malware"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/234534"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=234534"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/234534\/revisions"}],"predecessor-version":[{"id":234536,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/234534\/revisions\/234536"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/234535"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=234534"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=234534"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=234534"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}