Find notable cyber news and cases, enriched with sources, timelines, and signals.

GigaWiper / BLUERABBIT destructive Windows backdoor activity

Malware Activity
First reported
Last updated
Happening score
H score 31
1 unique sources, 1 articles

Summary

Hide ▲

The GigaWiper / BLUERABBIT malware activity now combines disk wiping, fake ransomware, and spyware backdoor functions on Windows, increasing the chance that one intrusion can monitor, destroy, or irreversibly disable infected machines. The implant is written in Go, masquerades as OneDrive, and can run a OneDrive Update scheduled task while hiding its state in the registry. It also routes command traffic through RabbitMQ, Redis, and MinIO, which can make the activity harder to spot on networks that already use those services.

Related Happenings

TinyRCT backdoor with persistence, exfiltration, and self-deletion

Malware Activity
H score22 First: 26.06.2026 13:30 Last: 26.06.2026 13:30 Sources 1

About this happening: The **TinyRCT** backdoor appeared in a **2025** intrusion operation, adding stealthy **persistent access** and **control** to the attackers' toolkit. It also supports **command ex...

USB-spreading clipboard-stealing malware targeting cryptocurrency wallets

Malware Activity
H score27 First: 18.06.2026 19:20 Last: 18.06.2026 19:20 Sources 1

About this happening: A **USB-spreading** clipboard-stealing malware family is actively stealing **seed phrases**, **private keys**, and wallet addresses from **Windows** victims, putting cryptocurrenc...

SprySOCKS Windows backdoor activity against government organizations

Malware Activity
H score23 First: 16.06.2026 12:00 Last: 16.06.2026 12:00 Sources 1

About this happening: **SprySOCKS** now has documented **Windows variants**, **WIN_DRV** and **WIN_PLUS**, expanding a toolset first known as a **Linux-only backdoor**. The activity is tied to **govern...

GammaWorm NTFS Alternate Data Streams propagation and backdoor activity

Malware Activity
H score40 First: 01.06.2026 14:00 Last: 01.06.2026 14:00 Sources 1

About this happening: The **GammaWorm** malware activity now shows a more covert stage that hides modules in **NTFS Alternate Data Streams**, helping it spread across **Ukrainian networks** while leavi...

ABCDoor backdoor activity in Silver Fox attacks

Malware Activity
H score23 First: 04.05.2026 14:35 Last: 04.05.2026 14:35 Sources 1

About this happening: The newly identified **ABCDoor** backdoor is being used in **real-world attacks** by **Silver Fox**, expanding the group's malware set and increasing the risk of covert remote acc...

Timeline

  1. 09.07.2026 21:08 2 articles · 3h ago

    Microsoft identifies GigaWiper destructive Windows backdoor

    Initial Disclosure

    Microsoft identified GigaWiper as a destructive Windows backdoor written in Go that combines disk wiping, fake ransomware, and spyware functions. The malware hides as OneDrive, uses a OneDrive Update scheduled task, and shares hashes and command servers with BLUERABBIT, while Microsoft also linked its destructive code to older Crucio and FlockWiper components.

    Show sources