GigaWiper: Anatomy of a destructive backdoor assembled from multiple malware


In October 2025, Microsoft Threat Intelligence identified destructive wiping activity and uncovered a sophisticated Go programming language (Golang)-based backdoor we now track as GigaWiper, a versatile implant that combines robust command-and-control (C2) capabilities with multiple destructive payloads, including disk wiping, fake ransomware, and system-level sabotage.

GigaWiper is particularly notable for its makeup. It’s not a single, purpose-built tool, but an amalgamation of separate malware families that were folded into GigaWiper as on-demand backdoor commands, giving threat actors the flexibility to choose their mode of destruction.

Read more…
Source:  Microsoft


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Cloud Atlas activity in the first half of 2025: what changed

    December 19, 2025

    Known since 2014, the Cloud Atlas group targets countries in Eastern Europe and Central Asia. Infections occur via phishing emails containing a malicious document that exploits an old vulnerability in the Microsoft Office Equation Editor process (CVE-2018-0802) to download and execute malicious code. In this report, Kaspersky researchers describe the infection chain and tools that the ...

  • CVE-2025-37164: Critical unauthenticated RCE affecting Hewlett Packard Enterprise OneView

    December 19, 2025

    On December 17, 2025, Hewlett Packard Enterprise (HPE) published an advisory for CVE-2025-37164, a CVSS 10.0 vulnerability in HPE OneView. The vulnerability, which was reported to HPE by security researcher Nguyen Quoc Khanh, facilitates unauthenticated remote code execution (RCE) on versions of HPE OneView before 11.0. Defenders are advised to prioritize upgrading to version 11.0 ...

  • CISA and Partners Release Update to Malware Analysis Report BRICKSTORM Backdoor

    December 19, 2025

    Today, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency, and Canadian Centre for Cyber Security released an update to the Malware Analysis Report BRICKSTORM Backdoor with indicators of compromise (IOCs) and detection signatures for additional BRICKSTORM samples. This update provides information on additional samples, including Rust-based samples. These samples demonstrate advanced persistence and defense ...

  • UK Foreign Office was victim of cyberattack

    December 19, 2025

    The UK Foreign Office was hacked in October, a minister has admitted, raising fears that thousands of confidential documents and data may have been compromised. While ministers are “pretty confident” that visa applicants’ details have not been accessed, they have admitted that they are not confident about the identity of the hacker. Sources told The Sun ...

  • FBI: Senior U.S. Officials Continue to be Impersonated in Malicious Messaging Campaign

    December 19, 2025

    This is an update to Public Service Announcement I-051525-PSA, released May 15, 2025, which can be found here. Activity dating back to 2023 reveals malicious actors have impersonated senior U.S. state government, White House, and Cabinet level officials, as well as members of Congress to target individuals, including officials’ family members and personal acquaintances. If ...

  • Police arrest suspect over Microsoft 365 cyber attack

    December 19, 2025

    The Nigeria Police Force National Cybercrime Centre (NPF-NCCC) has apprehended a suspected cyber fraudster linked to coordinated attacks on Microsoft 365 email platforms used by corporate organisations. The arrest followed an intelligence-led investigation triggered by credible information from Microsoft Corporation in the United States, conveyed through the Federal Bureau of Investigation (FBI). The intelligence exposed the ...