Destructive malware isn’t a theory anymore. Lotus Wiper is a real-world reminder that in geopolitical conflicts, civilian infrastructure is a primary target.

For the last few months, this campaign has been quietly working inside Venezuelan energy and utility companies. This wasn’t a smash-and-grab data breach. This was a long-fuse operation designed to wait for the right moment to flip a switch and cause chaos.

The attack chain starts with some “noisy” preparation—batch scripts that disable security tools and prep the system for destruction. By the time the actual wiper (LOTUSLITE) runs, the network is already defenseless. For defenders, those early scripts are the best chance to catch this before it becomes an operational disaster.
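One way to act on that window is to alert when a single batch script triggers several distinct defense-tampering actions on one host. The sketch below is an added example, not taken from the campaign analysis. The command patterns are generic indicators of this class of behavior, assumed here because the post does not list the campaign's actual commands, and the hosts, script paths and events are constructed.

```python
import re
from collections import defaultdict

# Generic tampering patterns (assumption: not the campaign's confirmed commands).
PATTERNS = {
    "stop_service": re.compile(r"\b(?:sc|net1?)(?:\.exe)?\s+stop\b", re.I),
    "disable_service": re.compile(
        r"\bsc(?:\.exe)?\s+config\s+\S+\s+start=\s*disabled", re.I),
    "delete_shadows": re.compile(r"\bvssadmin(?:\.exe)?\s+delete\s+shadows", re.I),
}

# Parent command line of a process launched from a .bat/.cmd script.
BATCH_PARENT = re.compile(
    r'cmd(?:\.exe)?"?\s+/c\s+"?(?P<script>[^"]+?\.(?:bat|cmd))\b', re.I)

def find_tampering_scripts(events, min_categories=2):
    """Return {(host, script): [categories]} for batch scripts whose child
    processes hit at least `min_categories` distinct tampering patterns."""
    hits = defaultdict(set)
    for ev in events:
        parent = BATCH_PARENT.search(ev["parent_cmdline"])
        if not parent:
            continue  # only interested in children of batch scripts
        key = (ev["host"], parent.group("script").lower())
        for name, rx in PATTERNS.items():
            if rx.search(ev["cmdline"]):
                hits[key].add(name)
    return {k: sorted(v) for k, v in hits.items() if len(v) >= min_categories}

# Constructed process-creation events (e.g. normalized from EDR or Sysmon ID 1).
EVENTS = [
    {"host": "HMI-01", "parent_cmdline": r'cmd.exe /c "C:\ProgramData\prep.bat"',
     "cmdline": "sc stop WinDefend"},
    {"host": "HMI-01", "parent_cmdline": r'cmd.exe /c "C:\ProgramData\prep.bat"',
     "cmdline": "sc config WinDefend start= disabled"},
    {"host": "HMI-01", "parent_cmdline": r'cmd.exe /c "C:\ProgramData\prep.bat"',
     "cmdline": "vssadmin delete shadows /all /quiet"},
    # A maintenance script that stops one service: a single category, no alert.
    {"host": "ENG-02", "parent_cmdline": r'cmd.exe /c "C:\Tools\backup.cmd"',
     "cmdline": "net stop Spooler"},
    # Not launched from a batch script at all.
    {"host": "ENG-02", "parent_cmdline": "explorer.exe",
     "cmdline": "vssadmin list shadows"},
]

if __name__ == "__main__":
    for (host, script), cats in find_tampering_scripts(EVENTS).items():
        print(f"ALERT {host} {script}: {', '.join(cats)}")
```

Requiring more than one category per script keeps routine single-service maintenance from alerting while still firing before any destructive payload would run.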

If you are defending ICS/OT environments, this is a signal to double down on network segmentation and offline recovery. You can’t assume your backups are safe if they’re reachable from the network. The goal of a wiper is to make recovery impossible.

This isn’t just a Venezuelan problem. It’s the new reality for utility defenders everywhere. You have to be hard to hit before you even know you’re in the crosshairs.


Get the full execution sequence for Lotus Wiper and learn how to harden your critical infrastructure against destructive attacks.