Microsoft has taken apart a destructive Windows backdoor it calls GigaWiper. What stands out is how it is built: not one tool but three older destructive programs bolted into one, offered as commands the operator can choose from.
Each is a different way to break a machine: wipe the whole disk, overwrite the Windows drive, or run fake "ransomware" that scrambles files with a key it never saves.
Because this is malware and not a single flaw, there is no patch to chase; GigaWiper is what an attacker runs after they are already inside, which makes early detection and clean, offline backups the real defense.
The same malicious files show up in a second report under another name: BLUERABBIT, a backdoor Binary Defense flagged last month.
Microsoft lists four hashes for the GigaWiper backdoor; Binary Defense lists the same four for BLUERABBIT, and both command servers match. Binary Defense, citing Google's Threat Intelligence Group, ties the malware to a likely Iran-nexus group aimed at Israeli organizations. Microsoft names no country.






