A previously undocumented data-wiping malware dubbed Lotus was used last year in targeted attacks against energy and utilities organizations in Venezuela. The malware was uploaded to a publicly available platform in mid-December from a machine in Venezuela and has been analyzed by researchers at Kaspersky. Before the cripling stage, the attacker relies on two batch scripts that prepare the system for the final payload by weakening defenses and obstructing normal operations. According to the researchers, the Lotus data-wiping malware is designed to completely destroy compromised systems by overwriting physical drives and eliminating recovery options. “The wiper removes recovery mechanisms, overwrites the content of physical drives, and systematically deletes files across affected volumes, ultimately leaving the system in an unrecoverable state,” Kaspersky says in a report today. Given the timing, the observed activity aligns with geopolitical tensions in the region, which culminated this year on January 3 with the capture of Venezuela’s then-president, Nicolás Maduro. Around mid-December 2025, the state-owned oil company Petróleos de Venezuela (PDVSA) suffered a cyberattack that disabled its delivery systems. The organization blamed the United States for the incident. It should be noted that there is no public evidence indicating that PDVSA's systems were wiped in the attack or details about the nature of the attack.