defense · TheHackerNews
Microsoft has identified a destructive Windows backdoor called GigaWiper that combines three disk-wiping capabilities with espionage functions. The malware, written in Go, bundles code from two older wipers (FlockWiper and Crucio) and offers attackers multiple destruction modes: raw disk overwriting, fake ransomware that encrypts files with no saved decryption key, and multi-pass Windows drive erasure. Beyond destruction, GigaWiper performs reconnaissance—capturing screenshots, recording screen activity, opening reverse VNC sessions, collecting system details, and wiping event logs. It masquerades as OneDrive through scheduled tasks and registry entries, and routes command traffic through legitimate business services (RabbitMQ, Redis, MinIO) to blend with normal network activity. Binary Defense has linked the malware to an Iran-nexus group targeting Israeli organizations; Microsoft provides no attribution but notes code overlap with tools previously associated with CyberAv3ngers.
For Omniware's buyers, GigaWiper underscores the limitation of patch-based defenses: as a post-compromise backdoor, no CVE fix prevents its deployment. Defense contractors handling CUI and critical infrastructure operators should prioritize detection mechanisms (EDR, log aggregation) and assume-breach strategies, including offline, immutable backups tested regularly for integrity. Healthcare and fintech firms subject to HIPAA and NIST 800-171 requirements should evaluate whether current backup and recovery procedures protect against destructive malware; SaaS teams in SOC2 observation should ensure change-management and access controls prevent lateral movement to backup infrastructure. An Omniware engagement can scope detection gaps and backup resilience specific to your environment.
Source: The Hacker News - https://thehackernews.com/2026/07/new-gigawiper-windows-backdoor-bundles.html
Source: TheHackerNews
All briefings