Close Menu
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice

Subscribe to Updates

Get the latest creative news from FooBar about art, design and business.

What's Hot

New ‘GigaWiper’ Malware Combines Espionage & Destructive Capabilities

July 10, 2026

Proxy Botnets, Browser Ransomware, AI Agent Tricks, Fake PoC Malware and More

July 10, 2026

CISA Details Incident Response to Exposed AWS GovCloud Keys

July 10, 2026
Facebook X (Twitter) Instagram
Friday, July 10
Facebook X (Twitter) Instagram Pinterest Vimeo
Cyberwire Daily
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice
Cyberwire Daily
Home»News»New ‘GigaWiper’ Malware Combines Espionage & Destructive Capabilities
News

New ‘GigaWiper’ Malware Combines Espionage & Destructive Capabilities

Team-CWDBy Team-CWDJuly 10, 2026No Comments3 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
Share
Facebook Twitter LinkedIn Pinterest Email


A new multi-purpose backdoor recently discovered by Microsoft marks a dangerous shift toward unified cyber-attack frameworks.

The backdoor, tracked as GigaWiper, is linked to a malware implant with extensive operational capabilities, allowing cyber threat actors to conduct both quiet espionage activity and destructive wiping operations.

Specifically, in its full version, GigaWiper is equipped with several flavors of wiping functionalities, including file-encrypting ransomware that leaves no way to decrypt the files.

These functionalities were also merged into a single robust backdoor, granting the actor more ways to control and destroy infected systems.

GigaWiper allows threat actors to maintain control over infected systems, execute commands, deploy additional tooling and ultimately trigger one of multiple destructive commands on demand.

In a malware analysis published on July 9 by Microsoft Security, the researchers assessed this new sophisticated tool was created by combining and reimplementing components from at least three previously separate malware families.

These include the Crucio ransomware strain and FlockWiper, as well as another related component or framework that has not yet been recovered.

Characteristics of GigaWiper

Microsoft Threat Intelligence detected GigaWiper in October 2025, when its researchers observed compromised environments being wiped with destructive tooling.

While no information about the targeted systems or the victims was shared, researchers quickly identified a versatile implant written in the Go programming language (Golang) that combines robust command-and-control (C2) capabilities with multiple destructive payloads, including disk wiping, fake ransomware and system-level sabotage.

More precisely, they observed two types of samples:

  • Standalone wiper binaries
  • Larger binaries with robust backdoor functionality

The latter version of GigaWiper provides threat actors with the flexibility to choose their mode of destruction with three main components:

  • A standalone wiper that operates at the physical disk level, overwriting raw disk content and removing partition metadata
  • A destructive command that derives from Crucio ransomware and encrypts files with randomly generated keys that are never saved, making decryption impossible
  • A wiping command that reimplements the logic of FlockWiper, a C-based malware reimplemented in Golang with additional multi-pass secure wiping

The consolidation of multiple destructive capabilities into a modular backdoor reflects “a notable shift in wiper malware, which are typically designed purely to destroy rather than to extort and carry real-world consequences,” the Microsoft researchers noted.

“GigaWiper exemplifies threat actors investing in operational efficiency, merging standalone tools into unified platforms that reduce their deployment footprint while expanding their destructive capabilities.”

Microsoft’s Recommendations for Mitigating GigaWiper Threats

For organizations looking to mitigate the multiple threats posed by a GigaWiper, Microsoft researchers made the following recommendations:

  • Turn on tenant-wide tamper protection features to prevent attackers from stopping security services or using antivirus exclusions.
  • Block direct access to known C2 infrastructure where possible, informed by your organization’s threat intelligence sources
  • Turn on cloud-delivered protection in your antivirus to cover rapidly evolving attacker tools and techniques

Additionally, Microsoft issued some Microsoft-specific mitigation recommendations:

  • Run endpoint detection and response (EDR) in block mode so that Microsoft Defender for Endpoint can block malicious artifacts, even when your non-Microsoft antivirus does not detect the threat or when Microsoft Defender Antivirus is running in passive mode
  • Allow investigation and remediation in full automated mode to allow Microsoft Defender for Endpoint to take immediate action on alerts to resolve breaches, significantly reducing alert volume
  • Microsoft Defender XDR customers can also implement the following attack surface reduction rules to harden an environment against techniques used by threat actors: “Block executable files from running unless they meet a prevalence, age, or trusted list criterion”



Source

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleProxy Botnets, Browser Ransomware, AI Agent Tricks, Fake PoC Malware and More
Team-CWD
  • Website

Related Posts

News

Proxy Botnets, Browser Ransomware, AI Agent Tricks, Fake PoC Malware and More

July 10, 2026
News

CISA Details Incident Response to Exposed AWS GovCloud Keys

July 10, 2026
News

6 Capabilities That Separate Leaders from Bolt-On AI solutions

July 10, 2026
Add A Comment
Leave A Reply Cancel Reply

Latest News

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202523 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views

Why SOC Burnout Can Be Avoided: Practical Steps

November 14, 20259 Views

Cyber M&A Roundup: Cyber Giants Strengthen AI Security Offerings

December 1, 20258 Views
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Most Popular

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202523 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views
Our Picks

What are brushing scams and how do I stay safe?

December 24, 2025

Beware of threats lurking in booby-trapped PDF files

October 7, 2025

What to consider before asking an AI chatbot for health advice

May 27, 2026

Subscribe to Updates

Get the latest news from cyberwiredaily.com

Facebook X (Twitter) Instagram Pinterest
  • Home
  • Contact
  • Privacy Policy
  • Terms of Use
  • California Consumer Privacy Act (CCPA)
© 2026 All rights reserved.

Type above and press Enter to search. Press Esc to cancel.