Cybersecurity researchers have discovered a previously undocumented data wiper that has been used in attacks targeting Venezuela at the end of last year and the start of 2026.
Dubbed Lotus Wiper, the novel file wiper has been used in a destructive campaign targeting the energy and utilities sector in Venezuela, per findings from Kaspersky.
"Two batch scripts are responsible for initiating the
"Two batch scripts are responsible for initiating the destructive phase of the attack and preparing the environment for executing the final wiper payload," the Russian cybersecurity vendor said .
"These scripts coordinate the start of the operation across the network, weaken system defenses, and disrupt normal operations before retrieving, deobfuscating, and executing a previously unknown wiper."
Once deployed, the wiper erases recovery mechanisms, overwrites the content of physical drives, and systematically deletes files across affected volumes, effectively leaving the system in an inoperable state.
No extortion or payment instructions are baked into the artifact, indicating that the aggressive wiper activity is not motivated by financial gain.
It's worth noting that the wiper was uploaded to a publicly available platform in mid-December 2025 from a machine in Venezuela, weeks before the U.S.