Malware

Microsoft details GigaWiper destructive backdoor assembled from older tools

Hacked computer system showing a skull icon with lines of code, illustrating cybercrime, data protection issues, and malware

The Hacker News reports that Microsoft has detailed a destructive Windows backdoor known as GigaWiper, which is notable for its modular construction, combining three distinct destructive tools into a single, operator-selectable package. This malware is deployed after an attacker has already gained initial access to a system, making early detection and secure, offline backups crucial for defense.

GigaWiper, written in Go, operates on Windows and presents operators with numbered commands, three of which are designed for system destruction. These include a raw disk wiper that overwrites the physical drive and partition table, a fake ransomware module (based on Crucio) that encrypts files with a non-recoverable key, and a wiper targeting the Windows drive by overwriting it multiple times. The malware also possesses backdoor capabilities, allowing it to take screenshots, record screen activity, and establish hidden VNC sessions. It collects system details, manages processes, and can manipulate event logs to conceal its presence.

GigaWiper disguises itself as OneDrive and uses legitimate services like RabbitMQ, Redis, and MinIO for command and control traffic, making it harder to detect. Microsoft links the fake ransomware code to Crucio and the wiper to FlockWiper, suggesting a single developer. Crucio has been previously associated with Iran-nexus groups targeting Israeli organizations. The tactic of posing as ransomware while performing destructive actions, similar to NotPetya, aims to buy attackers time by misdirecting defenders.

Source: The Hacker News

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Adware

You can skip this ad in 5 seconds