Find notable cyber news and cases, enriched with sources, timelines, and signals.

GigaWiper reuses multiple malware lineages in a unified destructive backdoor

Technical Analysis
First reported
Last updated
Happening score
H score 22
1 unique sources, 1 articles

Summary

Hide ▲

Microsoft's July 9 analysis of GigaWiper shows a modular backdoor that merges espionage, C2, and destructive wiping into one implant, widening the damage a single payload can cause. The research concluded the tool was assembled by combining and reimplementing components from Crucio ransomware, FlockWiper, and a third unrecovered framework. The findings provide reusable technical context for spotting similar multi-function malware and understanding how its destructive commands are organized.

Related Happenings

GigaWiper modular backdoor with wiping and espionage capabilities

Malware Activity
H score22 First: 10.07.2026 18:30 Last: 10.07.2026 18:30 Sources 1

How related: The backdoor, tracked as GigaWiper, is linked to a malware implant with extensive operational capabilities, allowing cyber threat actors to conduct both quiet espionage activity and destructive wiping operations.

About this happening: The newly analyzed **GigaWiper** backdoor combines **espionage** and **destructive wiping** functions, giving operators a single implant that can control, sabotage, and erase infe...

Steaelite Windows RAT with FUD and multi-function capabilities

Malware Activity
H score28 First: 27.02.2026 12:06 Last: 27.02.2026 12:06 Sources 1

About this happening: The **Steaelite** Windows RAT is being marketed as a **fully undetectable** tool for **Windows 10 and 11**, giving operators browser-based control over infected machines and enabl...

Timeline

  1. 10.07.2026 18:30 2 articles · 1h ago

    GigaWiper reuses multiple malware lineages in a unified destructive backdoor

    Initial Disclosure

    Microsoft's **July 9** writeup identified **GigaWiper** as a Go backdoor that can maintain control, deploy tooling, and trigger wiping routines. Microsoft Threat Intelligence had already seen it in **October 2025** inside compromised environments being erased.

    Show sources