Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

GigaWiper Combines Multiple Malware for System-Level Sabotage

0
Medium
Malware
Published: 07/10/2026 (07/10/2026, 09:12:08 UTC)
Source: SecurityWeek

Description

GigaWiper is a sophisticated Go-based backdoor malware with multiple destructive capabilities, including a standalone wiper, ransomware-like encryption, and multi-pass wiping commands. It operates at the physical disk level, wiping drives and removing partition references, and supports extensive command-and-control functions such as executing commands, uploading files, and clearing logs. The malware consolidates multiple older malware components into a modular implant, enabling both espionage and destructive sabotage. It was first observed in October 2025 and is linked to the Crucio ransomware developer and shares code with FlockWiper. No specific affected software versions or patches are currently identified.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/10/2026, 09:17:41 UTC

Technical Analysis

GigaWiper is a modular backdoor malware written in Go that combines multiple malware families and destructive capabilities into a single implant. It includes a physical disk-level wiper that enumerates drives via Windows Management Instrumentation (WMI), removes partition references, wipes drives with multiple erase passes, and reboots the system. The backdoor supports commands to execute destructive wiping, ransomware-like encryption with random keys, file encryption/decryption, and system sabotage such as triggering Blue Screen of Death (BSOD). It maintains persistence and command-and-control communication using RabbitMQ and Redis, and can perform various system management tasks including clearing Windows logs and running remote control servers. The malware consolidates older wiping malware code and is linked to the Crucio ransomware developer and FlockWiper. It enables attackers to flexibly conduct espionage or destructive operations on demand. No known exploits in the wild or patches have been reported.

Potential Impact

GigaWiper enables attackers to perform system-level sabotage by wiping physical drives, encrypting files destructively, and executing commands that can disrupt or destroy Windows installations. It can cause data loss through multi-pass wiping and ransomware-like encryption with unrecoverable keys. The malware also allows attackers to maintain persistent control over infected systems, execute arbitrary commands, clear logs, and remotely control the system, increasing the risk of prolonged compromise and operational disruption.

Mitigation Recommendations

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official patch or fix is reported, organizations should monitor vendor advisories for updates. Mitigation should focus on detecting and preventing infection through endpoint protection, network monitoring for unusual RabbitMQ and Redis communications, and restricting execution of unauthorized binaries and scripts. Incident response should prioritize containment and recovery from destructive wiping and encryption.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Article Source
{"url":"https://www.securityweek.com/gigawiper-combines-multiple-malware-for-system-level-sabotage/","fetched":true,"fetchedAt":"2026-07-10T09:17:33.195Z","wordCount":1122}

Threat ID: 6a50b8ad68715ace4355b565

Added to database: 07/10/2026, 09:17:33 UTC

Last enriched: 07/10/2026, 09:17:41 UTC

Last updated: 07/10/2026, 09:17:41 UTC

Views: 1

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses