GigaWiper Merges FlockWiper and Crucio Code into Modular Go Backdoor
GigaWiper fuses prior wiper and ransomware modules into a single flexible implant. Evidence shows code reuse and C2 infrastructure consistent with known Iranian-linked tooling. Operational impact centers on selective deployment of destructive commands against high-value targets within months.
Independent analysis of related RabbitMQ endpoints reveals reuse across campaigns Microsoft attributed to Iranian actors, though no public packet captures confirm state control. The next observable marker will be whether GigaWiper binaries surface in ransomware leak sites or remain reserved for targeted wiping operations against power and government entities listed in Armored Likho reporting.
SENTINEL: Public GigaWiper samples will match FlockWiper wiping function hashes in at least three additional incidents by March 2026.
Sources (3)
- [1]Microsoft Threat Intelligence(https://www.microsoft.com/en-us/security/blog/2025/10/gigawiper-analysis)
- [2]SecurityWeek GigaWiper Report(https://www.securityweek.com/gigawiper-combines-multiple-malware-for-system-level-sabotage/)
- [3]Recorded Future Iran Cyber Operations 2025(https://www.recordedfuture.com/iran-wiper-evolution-2025)