Hackers deployed wiper malware in destructive attacks on Venezuela’s energy sector
Hackers deployed a previously unknown destructive malware against Venezuela’s energy and utilities sector in an attack that appears to have been designed to destroy systems, researchers have found.
In a report released this week, Russian cybersecurity firm Kaspersky said the attackers used new wiper malware dubbed Lotus Wiper, which erases data across physical drives and deletes files throughout a system’s storage, leaving affected machines impossible to restore.
“We believe that this wiper is extremely targeted, has no financial motivation, and aims to erase all of a device’s files and data,” the researchers said.
According to Kaspersky, the attackers focused on machines running older versions of the Windows operating system — a sign that they likely had detailed knowledge of the targeted networks and may have compromised them well before the destructive phase of the attack began.
Technical evidence suggests the operation had been in preparation for months. The Lotus Wiper malware was compiled in late September 2025, while a sample linked to the campaign was uploaded to a public malware repository in mid-December from a computer in Venezuela.
The researchers did not identify the organizations affected but said the activity occurred during a period of heightened geopolitical tension in the Caribbean region in late 2025 and early this year.
Last December, Venezuela’s state-run oil company, Petróleos de Venezuela (PDVSA), reported that a cyberattack disrupted its administrative systems. Local media said the incident temporarily halted oil cargo deliveries.
PDVSA publicly blamed the United States for the intrusion, citing Washington’s increased military presence around Venezuela and its long-running effort to pressure President Nicolás Maduro from power. U.S. forces removed Maduro from the country in January. Cybersecurity experts have not found evidence linking the attack to the U.S. government.
There is currently no proof that Lotus Wiper was used in the PDVSA incident. The identity of the threat actor behind the campaign remains unknown.
Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.



