← All stories
● Covered by 1 source Β· 1 reportHigh impact

Microsoft Analyzes GigaWiper Backdoor with Disk Wiping and Spyware Features

Aggregated by BrevFeed security Β· updated 1h ago
πŸ”– Save

Microsoft has dissected the GigaWiper backdoor, highlighting its capabilities which include disk wiping, fake ransomware, and spyware functions. This sophisticated malware targets Windows machines and potentially connects to cyber threats aimed at Israeli organizations, emphasizing the need for robust detection and backup measures.

Key points

Overview of GigaWiper

Microsoft analyzed GigaWiper, a Windows backdoor that integrates three older destructive programs into one. It features various capabilities allowing operators to choose how to compromise a machine, either by wiping it clean or running fake ransomware.

Destructive Capabilities

GigaWiper offers three commands: a raw disk wiper that overwrites physical drives, a fake ransomware that encrypts files without a recovery key, and another command that overwrites the Windows drive multiple times. Each method leaves no way to recover data, emphasizing a focus on total destruction rather than monetary gain.

Spy Features

Alongside its destructive abilities, GigaWiper can also act as spyware. It can take screenshots, record user actions, open a hidden VNC session for remote access, and manage programs on the infected PC, providing attackers with extensive control over the system.

Link to Threat Groups

The GigaWiper malware appears under the name BLUERABBIT in another report and has been associated with a potential Iranian group targeting organizations in Israel. Both Microsoft and Binary Defense have released matching hashes for the malware, indicating a strong link between the two reports.

Detection and Prevention Measures

Due to the nature of GigaWiper, traditional patching methods are ineffective. The focus for defense lies in early detection and maintaining clean, offline backups to recover systems after potential infections. Cybersecurity measures need to adapt to address such multi-faceted threats.

✨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β€” check the original sources. How BrevFeed works β†’

Primary sources

CVE CVE-2026-552008.1 HIGH CVE CVE-2026-468179.8 CRITICAL

Reporting from

Microsoft has dissected the GigaWiper backdoor, highlighting its capabilities which include disk wiping, fake ransomware, and spyware functions. This sophisticated malware targets Windows machines and potentially connects to cyber threats aimed at Israeli organizations, emphasizing the need for robust detection and backup measures.