Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Lotus Wiper destructive campaign targeting Venezuela's energy and utilities sector

Campaign
First reported
Last updated
Happening score
H score 39
1 unique sources, 1 articles

Summary

Hide ▲

The Lotus Wiper operation targeted Venezuela's energy and utilities sector in a destructive campaign spanning the end of 2025 and the start of 2026, indicating coordinated wiping activity rather than a single-host event. The operation used batch scripts to prepare systems, weaken defenses, and launch the payload. Its impact was severe because the wiper erased recovery mechanisms, overwrote drives, and left affected systems inoperable.

Related Happenings

Lotus Wiper destructive activity against Venezuelan energy systems

Malware Activity
First: 22.04.2026 13:55 Last: 22.04.2026 13:55 Sources 1

How related: Cybersecurity researchers have discovered a previously undocumented data wiper that has been used in attacks targeting Venezuela at the end of last year and the start of 2026.

About this happening: Researchers uncovered **Lotus Wiper**, a **previously undocumented data wiper**, in **destructive attacks** against **Venezuela**. The operation targeted the **energy and utilitie...

Open Happening

Lotus data-wiping malware used against Venezuelan energy and utilities organizations

Malware Activity
First: 21.04.2026 21:38 Last: 21.04.2026 21:38 Sources 1

About this happening: The **Lotus** data-wiping malware was used in **targeted attacks** against **energy and utilities organizations in Venezuela**, putting victims at risk of irreversible system dest...

Open Happening

Stryker hit by network compromise

Incident
First: 11.03.2026 18:20 Last: 11.03.2026 18:20 Sources 1

About this happening: Stryker suffered a destructive network compromise attributed to Handala/Handala Hack Team, with reporting describing data deletion and widespread device wiping. Early coverage fra...

Latest development: 28.03.2026 17:40

Handala Hack is tied to a destructive compromise of Stryker in which company data was deleted and thousands of employee devices were wiped. Stryker later said the incident was contained after it regained access, removed the unauthorized party from its environment, and noted that the breach was confined to its internal Microsoft environment.

Open Happening

Sandworm DynoWiper wiper attack on Polish energy infrastructure

Malware Activity
First: 24.01.2026 10:21 Last: 24.01.2026 10:21 Sources 1

About this happening: **Sandworm** used **DynoWiper**, a previously undocumented **wiper malware**, in a failed attack against **Poland's energy sector**. The activity targeted **two combined heat and...

Latest development: 29.01.2026 00:14

Dragos says the late-December attack on Poland's power grid was carried out by the Russian activity cluster Electrum with moderate confidence, noting overlap with Sandworm (APT44) but treating Electrum as a distinct cluster. The group targeted exposed and vulnerable RTUs, network edge devices, monitoring and control systems, and Windows-based machines at DER sites, disabled communications equipment at multiple sites, and wiped some Windows systems.

Open Happening

Timeline

  1. 22.04.2026 13:55 2 articles · 1mo ago

    Kaspersky discloses Lotus Wiper campaign targeting Venezuelan energy and utilities

    Initial Disclosure

    Kaspersky disclosed a previously undocumented data wiper called Lotus Wiper that targeted Venezuela's energy and utilities sector in a destructive campaign spanning late 2025 and early 2026. Two batch scripts prepared affected systems, checked NETLOGON access, and launched a payload that deleted restore points, overwrote drives, and erased files without any extortion or payment instructions.

    Show sources
    Open in new tab