GigaWiper: Multipurpose Windows backdoor and wiper
🛡️ Microsoft dissected a destructive Windows backdoor dubbed GigaWiper, which bundles three older wipers into a single Go-based platform offering selectable destructive commands. The implant can wipe entire disks, overwrite the Windows drive, or run fake ransomware that encrypts files without saving keys, and also provides remote control capabilities like screenshots, VNC access, and process management. Microsoft and Binary Defense observed the same file hashes and command servers, with Binary Defense linking the samples to an Iran-linked actor while Microsoft refrains from attributing a country. Defenders should monitor for a OneDrive Update scheduled task, RabbitMQ/Redis traffic from desktops, and suspicious use of takeown/icacls, and apply tamper protection, endpoint blocking, and blocklisted server addresses.
