GigaWiper Lets Threat Actors Choose Their Own Destructive Attack
darkreading.com Jul 14, 2026

GigaWiper Lets Threat Actors Choose Their Own Destructive Attack

AI-summarised brief · reviewed before publication

Researchers have identified a new modular malware family called GigaWiper, which merges backdoor functionality with multiple destructive payloads such as disk wiping, fake ransomware and system sabotage. First observed during a wiper campaign in October 2025, the implant initially appeared to be a Golang‑based backdoor before analysis revealed its composite architecture. GigaWiper’s design lets threat actors issue on‑demand commands after gaining network access, selecting the level of destruction they desire. Microsoft’s Threat Intelligence team, referencing the Google Threat Intelligence Group’s “BlueRabbit” tracking, confirmed the overlap and noted that Binary Defense linked the tool to an Iran‑based actor, though no official attribution was made. The modular approach reduces operational overhead while maximizing impact, marking a shift in how wiper malware is deployed.

💡 Why It Matters

  • · By bundling espionage and sabotage capabilities, GigaWiper lets attackers tailor devastation in real time, forcing defenders to confront a more adaptable and stealthy threat surface.