New GigaWiper Windows Backdoor Bundles Disk Wiping, Fake Ransomware, and Spyware

Summary

Microsoft discovered a destructive Windows backdoor called GigaWiper that combines three separate malicious tools into a single payload. The backdoor allows operators to selectively execute disk wiping, Windows drive overwriting, or fake ransomware attacks that encrypt files without providing recovery keys.

IFF Assessment

FOE

GigaWiper is a dangerous backdoor combining multiple destructive capabilities, representing a significant threat to defenders and organizations.

Defender Context

Defenders should monitor for GigaWiper infections, particularly the command-based payload structure that allows attackers to choose destructive actions post-compromise. The combination of disk wiping, OS destruction, and fake ransomware in one tool suggests sophisticated adversaries targeting critical infrastructure or high-value targets. Organizations should focus on detection of backdoor installation, lateral movement indicators, and unusual Windows process behavior.

Read Full Story →