Microsoft uncovers GigaWiper, a backdoor designed for destruction on demand
Summary
Microsoft has identified a new backdoor named GigaWiper, which combines remote administration capabilities with destructive disk-wiping and ransomware routines. This Golang-based implant was first observed in October 2025 and is notable for assembling existing malware families into a modular backdoor, blurring the lines between espionage and destructive malware.
IFF Assessment
The discovery of a new, sophisticated backdoor capable of both espionage and destructive actions like disk wiping and ransomware represents a significant threat to defenders.
Defender Context
Defenders should be aware of GigaWiper's modular nature and its hybrid capabilities, which allow for both persistent access and destructive actions. This type of malware requires robust endpoint detection and response (EDR) capabilities, as well as vigilant monitoring for unusual process activity and network communications.