Close Menu

    Subscribe to Updates

    Get the latest Tech news from SynapseFlow

    What's Hot

    Palantir Insiders Disgusted by Company’s Leadership

    July 11, 2026

    Austrian Audio The Arranger review: wired open-backed headphones that can turn their hand to almost anything

    July 11, 2026

    Firefox’s privacy defaults are too soft — and that’s exactly why I switched to this privacy-focused browser

    July 11, 2026
    Facebook X (Twitter) Instagram
    • Homepage
    • About Us
    • Contact Us
    • Privacy Policy
    Facebook X (Twitter) Instagram YouTube
    synapseflow.co.uksynapseflow.co.uk
    • AI News & Updates
    • Cybersecurity
    • Future Tech
    • Reviews
    • Software & Apps
    • Tech Gadgets
    synapseflow.co.uksynapseflow.co.uk
    Home»Cybersecurity»GigaWiper Combines Multiple Malware for System-Level Sabotage
    GigaWiper Combines Multiple Malware for System-Level Sabotage
    Cybersecurity

    GigaWiper Combines Multiple Malware for System-Level Sabotage

    The Tech GuyBy The Tech GuyJuly 11, 2026No Comments3 Mins Read0 Views
    Share
    Facebook Twitter LinkedIn Pinterest Email
    Advertisement


    For over eight months, a threat actor has been using a destructive backdoor and wiper that has multiple system-level sabotage capabilities, Microsoft reports.

    Advertisement

    Dubbed GigaWiper, the malware is a sophisticated Go-based backdoor that consists of multiple malware families and robust command-and-control (C&C) capabilities.

    According to Microsoft, the malware in GigaWiper was folded in the form of on-demand backdoor commands, allowing the attacker to execute a standalone wiper, a ransomware-like encryption command, and a wiping command that performs multiple erase passes.

    “The consolidation of multiple destructive capabilities into a modular backdoor reflects a notable shift in wiper malware, which is typically designed purely to destroy rather than to extort and carry real-world consequences,” Microsoft notes.

    First observed in October 2025, GigaWiper contains a wiper that operates at the physical disk level. It enumerates drives using Windows Management Instrumentation (WMI) to identify the Windows partition, removes partition references from non-Windows drives, wipes each drive, and then reboots the system.

    The backdoor component of GigaWiper also contains the same wiping functionality, including identical code flow and function names. Additionally, it establishes persistence and C&C communication using RabbitMQ and Redis.

    Advertisement. Scroll to continue reading.

    Based on received commands, it can execute the wiper, trigger a Blue Screen of Death (BSOD), upload files to a remote server using MinIO Client, run an executable, run PowerShell commands, take screenshots, record the screen, collect system information, and call a command to wipe the Windows installation.

    The backdoor also supports two file-encrypting commands: one is destructive, as it uses random encryption keys that are never saved, while the other targets files in bulk for encryption and decryption.

    Additionally, GigaWiper can run various managers for processes, registry, RabbitMQ routes, and services, can clear Windows logs, and can start a server to provide attackers with remote control over the infected system.

    The wiping commands implemented in the backdoor come from separate, older malware previously used by the threat actor, stitched together into the same implant with added backdoor capabilities.

    GigaWiper appears to have been built by the Crucio ransomware developer, based on the encryption code, but also shows connections to FlockWiper, which emerged in June 2025, sharing an identical wiping function that has been ported to Go.

    “GigaWiper is a backdoor with extensive operational capabilities that allow a threat actor to maintain control over infected systems, execute commands, deploy additional tooling, and ultimately trigger one of multiple destructive commands on demand. It allows the threat actor to operate with flexibility, enabling both quiet espionage activity and destructive wiping operations,” Microsoft notes.

    Related: Iran-Linked Hackers Using Modular C&C Framework in Cyberattacks

    Related: Blogspot-Hosted Payloads Delivered in ‘Veil#Drop’ Attacks

    Related: Armored Likho APT Targeting Government, Electric Power Entities

    Related: FortiBleed Campaign Linked to INC, Lynx Ransomware Attacks

    Advertisement
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    The Tech Guy
    • Website

    Related Posts

    Okta Warns of Vishing Attacks Targeting Microsoft 365 Customers

    July 11, 2026

    China, India-Linked Hackers Both Targeted Same Pakistani Police Force

    July 11, 2026

    In Other News: DHS Database Hacked, Adobe Boosts Patch Cadence, Canada Disrupts Ransomware Ops

    July 10, 2026

    Third US Security Expert Sentenced to Prison for Helping Ransomware Gang

    July 10, 2026

    Palo Alto Networks Patches 13 Vulnerabilities

    July 10, 2026

    UK Government Rolls Out Agentic AI Defense Plan Alongside Industry Pledge

    July 10, 2026
    Leave A Reply Cancel Reply

    Advertisement
    Top Posts

    You don’t need a NAS to self-host — I proved it with hardware from my closet

    June 7, 2026253 Views

    Spotify is giving one of its best playlists a big visual upgrade to give subscribers ‘a closer connection’ to its New Music Friday curators — and I think it could be the update it’s always needed

    June 12, 2026157 Views

    The iPad Air brand makes no sense – it needs a rethink

    October 12, 202516 Views
    Stay In Touch
    • Facebook
    • YouTube
    • TikTok
    • WhatsApp
    • Twitter
    • Instagram
    Advertisement
    About Us
    About Us

    SynapseFlow brings you the latest updates in Technology, AI, and Gadgets from innovations and reviews to future trends. Stay smart, stay updated with the tech world every day!

    Our Picks

    Palantir Insiders Disgusted by Company’s Leadership

    July 11, 2026

    Austrian Audio The Arranger review: wired open-backed headphones that can turn their hand to almost anything

    July 11, 2026

    Firefox’s privacy defaults are too soft — and that’s exactly why I switched to this privacy-focused browser

    July 11, 2026
    categories
    • AI News & Updates
    • Cybersecurity
    • Future Tech
    • Reviews
    • Software & Apps
    • Tech Gadgets
    Facebook X (Twitter) Instagram Pinterest YouTube Dribbble
    • Homepage
    • About Us
    • Contact Us
    • Privacy Policy
    © 2026 SynapseFlow All Rights Reserved.

    Type above and press Enter to search. Press Esc to cancel.

    Ad Blocker Enabled!
    Ad Blocker Enabled!
    Our website is made possible by displaying online advertisements to our visitors. Please support us by disabling your Ad Blocker.