Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack
Briefly

"Two batch scripts are responsible for initiating the destructive phase of the attack and preparing the environment for executing the final wiper payload. These scripts coordinate the start of the operation across the network, weaken system defenses, and disrupt normal operations before retrieving, deobfuscating, and executing a previously unknown wiper."
"Once deployed, the wiper erases recovery mechanisms, overwrites the content of physical drives, and systematically deletes files across affected volumes, effectively leaving the system in an inoperable state."
"No extortion or payment instructions are baked into the artifact, indicating that the aggressive wiper activity is not motivated by financial gain."
"The sample was uploaded during a period of increased public reports of malware activity targeting the same sector and region, suggesting the wiper attack is extremely targeted in nature."
Lotus Wiper is a newly discovered data wiper used in attacks against Venezuela's energy and utilities sector. Two batch scripts initiate its destructive phase: they weaken system defenses and then execute the wiper payload. Once activated, the wiper erases recovery mechanisms, overwrites physical drives, and deletes files, rendering systems inoperable. The artifact contains no extortion or payment instructions, indicating the activity is not financially motivated, and its upload coincided with increased reports of malware activity targeting the same sector and region. The attack chain begins with a script that disrupts Windows services to facilitate the wiper's deployment.
Read at The Hacker News