Microsoft Unveils GigaWiper: A Modular Destructive Backdoor for Windows

Microsoft Unveils GigaWiper: A Modular Destructive Backdoor for Windows

First seen 9 Jul 2026, 18:11 UTC Blogs.MicrosoftFeeds.4SysopsThehackernewsFeeds.Feedburner 81% similarity 72.9

Article Content

Browse articles
ThreatCluster

Microsoft has revealed GigaWiper, a destructive Windows backdoor that integrates components from three malware families, including Crucio and FlockWiper. This Golang-based malware is designed for post-initial access attacks, allowing operators to execute commands for system destruction, including raw disk wiping and fake ransomware. GigaWiper disguises itself as OneDrive and utilizes legitimate services for command and control, complicating detection efforts. It can take screenshots, record screen activity, and manipulate event logs to hide its presence. Microsoft links the malware to Iranian threat actors, suggesting a state-sponsored motive targeting Israeli organizations. The malware's modular design enables attackers to switch between espionage and sabotage seamlessly. Early detection and secure backups are critical for defense against this threat.

Key Points: • GigaWiper is a modular backdoor combining destructive tools and espionage capabilities. • It disguises itself as OneDrive and uses legitimate services for command and control. • The malware is linked to Iranian threat actors targeting Israeli organizations.

ThreatCluster AI

Timeline

2026-07-09
Microsoft reveals GigaWiper backdoor
Microsoft detailed GigaWiper, a destructive backdoor that integrates multiple malware components for system destruction.
Blogs.Microsoft
2026-07-09
GigaWiper identified as threat
Microsoft Threat Intelligence confirmed GigaWiper's capabilities, including physical disk wiping and fake ransomware routines.
Feeds.4Sysops
2026-07-09
GigaWiper's operational tactics analyzed
The malware's modular design allows attackers to switch between espionage and sabotage, complicating detection.
Feeds.Feedburner

Community

Browse all →