Feeds.4Sysops
Microsoft Unveils GigaWiper: A Modular Destructive Backdoor for Windows
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Microsoft has revealed GigaWiper, a destructive Windows backdoor that integrates components from three malware families, including Crucio and FlockWiper. This Golang-based malware is designed for post-initial access attacks, allowing operators to execute commands for system destruction, including raw disk wiping and fake ransomware. GigaWiper disguises itself as OneDrive and utilizes legitimate services for command and control, complicating detection efforts. It can take screenshots, record screen activity, and manipulate event logs to hide its presence. Microsoft links the malware to Iranian threat actors, suggesting a state-sponsored motive targeting Israeli organizations. The malware's modular design enables attackers to switch between espionage and sabotage seamlessly. Early detection and secure backups are critical for defense against this threat.
Key Points: • GigaWiper is a modular backdoor combining destructive tools and espionage capabilities. • It disguises itself as OneDrive and uses legitimate services for command and control. • The malware is linked to Iranian threat actors targeting Israeli organizations.