Microsoft uncovers GigaWiper, a backdoor designed for destruction on demand

Summary

Microsoft has identified a new backdoor named GigaWiper, which combines remote administration capabilities with destructive disk-wiping and ransomware routines. This Golang-based implant was first observed in October 2025 and is notable for assembling existing malware families into a modular backdoor, blurring the lines between espionage and destructive malware.

IFF Assessment

FOE

The discovery of a new, sophisticated backdoor capable of both espionage and destructive actions like disk wiping and ransomware represents a significant threat to defenders.

Defender Context

Defenders should be aware of GigaWiper's modular nature and its hybrid capabilities, which allow for both persistent access and destructive actions. This type of malware requires robust endpoint detection and response (EDR) capabilities, as well as vigilant monitoring for unusual process activity and network communications.

Read Full Story →