Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
GigaWiper Malware: A New Threat to Windows Systems

GigaWiper Malware: A New Threat to Windows Systems

Posted on July 9, 2026 By CWS

Microsoft has dissected a new malware threat, GigaWiper, a Windows backdoor with a destructive design. This sophisticated malware combines three older destructive programs, giving attackers a choice of commands to execute, making it a formidable threat.

Destructive Capabilities

GigaWiper provides multiple ways to damage a system. It can wipe the entire disk, overwrite the Windows drive, or simulate ransomware by encrypting files without saving a decryption key. This makes it impossible to recover data without clean backups, emphasizing the importance of early detection.

The malware, also identified as BLUERABBIT by Binary Defense, shares identical file hashes and command servers with GigaWiper, suggesting they are the same threat. Google’s Threat Intelligence Group connects this malware to a group likely linked to Iran, targeting Israeli organizations.

Malicious Functions

Developed in Go, GigaWiper operates on Windows systems and uses specific commands to execute its destructive tasks. One variant erases the disk by overwriting the physical drive and partition table. Another variant, posing as ransomware, encrypts files without offering a recovery option, while the third overwrites the Windows drive with random data.

Furthermore, the malware can spy on affected systems. It captures screenshots, records screen activity, and opens hidden remote sessions for attackers to control the device. It also collects system information, manages processes, and can erase event logs to hide its presence.

Origins and Attribution

Microsoft traces GigaWiper’s code lineage to Crucio and FlockWiper, indicating a single developer’s involvement. Although Microsoft does not specify a nation, the code similarities align with a December 2023 CISA advisory linking Crucio to Iran’s Islamic Revolutionary Guard Corps. Reports suggest this group has previously targeted infrastructure in the US, Israel, and Europe.

The recurring tag “GRAT” in the malware’s code suggests a connection between different tools, hinting at an evolving threat. Microsoft positions GigaWiper as a flexible platform that can spy, steal, or destroy data, complicating detection efforts for defenders.

Defensive Measures

Detecting GigaWiper requires vigilance. Indicators include a recurring “OneDrive Update” task, unexpected RabbitMQ or Redis traffic, and unusual file ownership changes. Microsoft advises activating tamper protection, blocking known command servers, and utilizing advanced endpoint detection solutions.

The Hacker News is seeking further clarification from Microsoft and Binary Defense regarding the malware’s impact and potential victims and will provide updates as information becomes available.

The Hacker News Tags:Binary Defense, BLUERABBIT, cyber attacks, cyber defense, Cybersecurity, disk wiping, fake ransomware, GigaWiper, Iranian hackers, malware detection, Microsoft, OneDrive Update, Spyware, threat intelligence, Windows malware

Post navigation

Previous Post: AI Aids Hacker in Swift 72-Hour AWS Cloud Breach
Next Post: Critical Roundcube XSS Flaws Require Immediate Update

Related Posts

New Android Malware Threatens Pix Payments and Banking Apps New Android Malware Threatens Pix Payments and Banking Apps The Hacker News
AI Agents Act Like Employees With Root Access—Here’s How to Regain Control AI Agents Act Like Employees With Root Access—Here’s How to Regain Control The Hacker News
AI Automation Exploits, Telecom Espionage, Prompt Poaching & More AI Automation Exploits, Telecom Espionage, Prompt Poaching & More The Hacker News
Iranian Hackers Compromise FBI Director’s Email, Attack Stryker Iranian Hackers Compromise FBI Director’s Email, Attack Stryker The Hacker News
Critical Flaw in MCP Protocol Poses Major AI Supply Chain Risk Critical Flaw in MCP Protocol Poses Major AI Supply Chain Risk The Hacker News
Effective Identity Risk Management in Modern Enterprises Effective Identity Risk Management in Modern Enterprises The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Critical Roundcube XSS Flaws Require Immediate Update
  • GigaWiper Malware: A New Threat to Windows Systems
  • AI Aids Hacker in Swift 72-Hour AWS Cloud Breach
  • Dormant GitHub Accounts Aid Corporate Reconnaissance
  • Microsoft’s AI Strategy Enhances Vulnerability Detection

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Critical Roundcube XSS Flaws Require Immediate Update
  • GigaWiper Malware: A New Threat to Windows Systems
  • AI Aids Hacker in Swift 72-Hour AWS Cloud Breach
  • Dormant GitHub Accounts Aid Corporate Reconnaissance
  • Microsoft’s AI Strategy Enhances Vulnerability Detection

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark