Lotus Wiper Malware Destroys Venezuelan Energy & Utilities Systems
What Happened — Researchers uncovered a previously unknown data‑wiping tool, dubbed Lotus Wiper, that was deployed in a destructive campaign against Venezuela’s energy and utilities sector in late 2025 and early 2026. The malware uses batch scripts to overwrite critical files, rendering systems inoperable.
Why It Matters for TPRM —
- Destructive malware can cause prolonged service outages, impacting supply‑chain continuity for downstream customers.
- Lack of public attribution suggests potential state‑sponsored actors, raising geopolitical risk for third‑party contracts.
- Utilities often rely on legacy OT environments that may lack modern endpoint protection, exposing partners to collateral damage.
Who Is Affected — Energy & utilities operators in Venezuela; third‑party service providers (e.g., grid monitoring, maintenance contractors) that integrate with the compromised OT infrastructure.
Recommended Actions —
- Review contracts with Venezuelan energy vendors for continuity clauses and incident‑response obligations.
- Verify that all third‑party OT assets are segmented from corporate networks and have up‑to‑date anti‑malware controls.
- Conduct tabletop exercises simulating a wiper‑type incident to test recovery plans.
Technical Notes — The attack leverages malicious batch scripts to launch the wiper, which does not appear to exploit a known CVE. It targets file systems on Windows‑based OT devices, wiping configuration and operational data. No data exfiltration was reported. Source: The Hacker News