Ethical Hacking News
A new threat to global cybersecurity has been identified by Microsoft, with the "GigaWiper" Windows backdoor bundle bundling three destructive programs into one. This malware can wipe entire disks, run fake ransomware, and spy on infected systems. Cybersecurity experts are sounding the alarm over this highly sophisticated threat, which requires a concerted effort to combat effectively.
Cybersecurity experts have identified a new threat called "GigaWiper" Windows backdoor, which bundles three destructive programs into one.The malware is built using the Go programming language and runs on Windows, making it highly adaptable and difficult to detect.GigaWiper can spy on infected systems, taking screenshots, recording screen activity, and opening hidden VNC sessions.The threat is believed to be connected to an Iran-nexus group aimed at Israeli organizations, but the origin of the threat has not been specified.The malware uses tactics such as pretending to be OneDrive to evade detection, making it difficult for defenders to remove.Experts warn that this threat highlights a worrying trend in cybersecurity: the use of AI-powered attacks to evade traditional security measures.
Cybersecurity experts have sounded the alarm over a new threat to global cybersecurity, identified as the "GigaWiper" Windows backdoor. This highly sophisticated malware bundle has been discovered by Microsoft, which bundles three destructive programs into one, offering attackers a flexible platform for espionage and destruction.
According to the report, each of these programs serves a different purpose: wipe the entire disk, overwrite the Windows drive, or run fake "ransomware" that scrambles files with a key it never saves. The malware is built using the Go programming language and runs on Windows, making it highly adaptable and difficult to detect.
One of the most concerning aspects of this malware bundle is its ability to spy on infected systems. GigaWiper can take screenshots of every monitor, record screen activity while someone is working, and open a hidden VNC session that streams the display and allows the attacker to type and move the mouse. It also collects system details, manages running programs and services, edits the registry, and wipes Windows event logs to cover its tracks.
Microsoft has linked this malware back to another known threat, "BLUERABBIT," which was previously reported by Binary Defense. Both of these threats are believed to be connected to an Iran-nexus group aimed at Israeli organizations. However, Microsoft has not specified a country as the origin of this threat.
The fact that GigaWiper is built from multiple older programs makes it particularly difficult for defenders to detect and remove. It uses tactics such as pretending to be OneDrive to create a scheduled task named "OneDrive Update" that runs every minute, which helps it stay under the radar. It also skips ordinary web requests and rides on real business services instead of using its own malware channel.
In order to combat this threat effectively, Microsoft recommends several steps for defenders, including turning on tamper protection so attackers cannot switch off antivirus software, blocking the two known command servers (185.182.193[.]21 and 212.8.248[.]104), running endpoint detection in block mode, enabling cloud-delivered protection, and automatic remediation.
Furthermore, experts warn that this threat highlights a more worrying trend in cybersecurity: the use of AI-powered attacks to evade traditional security measures. The fact that this malware bundle uses command-line tools like RabbitMQ and Redis for tasking and exfiltration makes it difficult to distinguish from legitimate traffic, making it harder for defenders to detect.
In conclusion, the discovery of GigaWiper Windows backdoor bundles represents a significant threat to global cybersecurity. Its ability to destroy systems while appearing as ransomware, combined with its advanced spy capabilities, make it a highly sophisticated and adaptable malware that will require a concerted effort from cybersecurity experts to combat effectively.
Related Information:
https://www.ethicalhackingnews.com/articles/New-GigaWiper-Windows-Backdoor-Bundles-Disk-Wiping-Fake-Ransomware-and-Spyware-A-Threat-to-Global-Cybersecurity-ehn.shtml
https://thehackernews.com/2026/07/new-gigawiper-windows-backdoor-bundles.html
https://vulners.com/thn/THN:FE431C4AD3C5B15DDAC8699BBCC8D962
Published: Thu Jul 9 14:23:02 2026 by llama3.2 3B Q4_K_M