# GigaWiper: A New Threat in System-Level Sabotage

*Published July 13, 2026*
*Source: [https://www.securityweek.com/gigawiper-combines-multiple-malware-for-system-level-sabotage/](https://www.securityweek.com/gigawiper-combines-multiple-malware-for-system-level-sabotage/)*

## Executive Summary

GigaWiper is a sophisticated malware combining wiper and ransomware capabilities, enabling attackers to perform system-level sabotage and espionage. Detected in October 2025, it allows for data destruction and remote control of infected systems, marking a significant evolution in malware threats.

## Article

For the past eight months, a sophisticated malware known as GigaWiper has been actively used by a threat actor to conduct system-level sabotage, as reported by Microsoft. Developed using the Go programming language, GigaWiper is a multifaceted backdoor that incorporates various malware families and advanced command-and-control capabilities. The malware's design allows attackers to execute a standalone wiper, a ransomware-like encryption command, and a comprehensive wiping command that makes multiple erase passes, all on demand. GigaWiper was first detected in October 2025. Its wiper component operates at the physical disk level, utilizing Windows Management Instrumentation to identify Windows partitions, remove partition references from non-Windows drives, and wipe each drive before rebooting the system. The malware's backdoor features include identical wiping functionalities, persistent C&C communication via RabbitMQ and Redis, and capabilities to cause a Blue Screen of Death, upload files to remote servers, execute commands, and wipe Windows installations. It also supports two file-encrypting commands: one that uses unsaved random encryption keys for destructive purposes, and another that encrypts and decrypts files in bulk. GigaWiper's development appears to involve the Crucio ransomware creator, given the similarities in encryption code, and shares connections with FlockWiper, another malware with an identical wiping function. This malware represents a significant evolution in wiper malware, as it not only destroys data but also enables espionage and extensive control over infected systems.
