Microsoft Threat Intelligence has identified the GigaWiper malware, which has been detected in compromised environments since October 2025. This malware has destructive capabilities and comes in two forms: standalone wiper binaries and larger binaries with backdoor functionalities, both developed in Golang. The standalone wiper operates at the physical disk level, overwriting disk content and removing partition references. The backdoor variant includes the same wiper functionality and adds persistence through a registry key and scheduled tasks, along with command and control communication via RabbitMQ and Redis.
GigaWiper can execute various commands, including wiping drives, triggering a Blue Screen of Death (BSOD), file encryption that mimics ransomware behavior, and managing system elements. The malware integrates components from multiple malware families, including wipers and ransomware mechanisms, and has been linked to a previous malware known as FlockWiper.
To defend against GigaWiper, organizations are advised to implement security measures such as tamper protection, blocking access to known C2 infrastructure, and utilizing endpoint detection and response solutions. Microsoft Defender provides detections for GigaWiper and related malware, and threat intelligence reports are available for customers to stay informed about threats. Indicators of compromise include specific SHA-256 hashes and IP addresses associated with GigaWiper.