Lotus Wiper was likely used to attack PDVSA
One important thing that the Kaspersky report omits is that pdvsa[.]com is hardcoded into OhSyncNow.bat, a file that triggers the wiping operation (HT @benread.bsky.social). This is used to limit the attack to the specified domain
1/11
Oleg Shakirov
Kaspersky discovered a new wiper uploaded from Venezuela in mid-December. The campaign likely targeted utilities and energy sector
Evidence suggests it was months in the making
There are no explicit links to previously reported incidents in Venezuela
securelist.com/tr/lotus-wip...
