Destructive Windows backdoor stuffs multiple wipers and ransomware code into a single package
Microsoft says GigaWiper combines at least 3 malware families into one modular tool
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Microsoft says GigaWiper combines at least 3 malware families into one modular tool
Microsoft has taken apart a destructive Windows backdoor it calls GigaWiper. What stands out is how it is built: not one tool but three older destructive programs bolted into one, offered as commands the operator can choose from
GigaWiper, also tracked as BLUERABBIT, is a destructive backdoor that combines multiple wiping and ransomware-like capabilities into a single operational platform. This blog analyzes how the malware incorporates code from several previously separate malware families and provides guidance to help defenders detect and defend against similar threats. The post GigaWiper: Anatomy of a destructive backdoor assembled from multiple malware appeared first on Microsoft Security Blog.
Spotted in intrusions targeting insurance, education, IT, and professional services sectors
Threat actors associated with the DragonForce ransomware have been observed using a custom Go-based remote access trojan (RAT) called Backdoor.Turn to conceal command-and-control (C2) traffic inside Microsoft Teams relay infrastructure
DragonForce hid for months by routing malware traffic through Microsoft Teams infrastructure, masking C2 activity and evading network detection. DragonForce ransomware operators hit a major U.S. services firm and stayed hidden for one to two months by routing their command-and-control traffic through Microsoft’s own Teams relay servers. Symantec’s threat hunters tracked the custom backdoor they […]
DragonForce ransomware used a custom malware named 'Backdoor.Turn' to hide command-and-control traffic inside Microsoft Teams relay infrastructure. [...]
MOIS-linked cyber outfit puts on a ransomware show to disguise the wide-open backdoor behind the scenes
The Payouts King ransomware is using the QEMU emulator as a reverse SSH backdoor to run hidden virtual machines on compromised systems and bypass endpoint security. [...]
Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor. [...]
The North Korean threat group also leveraged Comebacker backdoor, Blindingcan RAT, and info stealer Infohook in its recent attacks.
Also, Australian Police Arrest 55 in New Round of Anom App StingThis week: UPenn hit by email breach, Australian police arrested 55, 'SesameOp' backdoor hid C2 traffic, BEC scammers used AWS, hackers stole trucking cargo, Ukrainian national extradited to United States for role in Conti ransomware and a supply chain risk in advanced installer tool.
Microsoft on Thursday disclosed that it revoked more than 200 certificates used by a threat actor it tracks as Vanilla Tempest to fraudulently sign malicious binaries in ransomware attacks
New versions of the XWorm backdoor are being distributed in phishing campaigns after the original developer, XCoder, abandoned the project last year. [...]
From unpatched cars to hijacked clouds, this week’s Threatsday headlines remind us of one thing — no corner of technology is safe. Attackers are scanning firewalls for critical flaws, bending vulnerable SQL servers into powerful command centers, and even finding ways to poison Chrome’s settings to sneak in malicious extensions
Also, Akira Ransomware Resumes Attacks Via SonicWall FlawsThis week, the Vidar infostealer, BlackDB admin, Akira ransomware hackers and Patch Tuesday. A warning for British bankers, a Cursor flaw, a Brazilian dating app shut down. KazMunayGas said it wasn't hacked. Wealthsimple and Hello Gym data breaches. A macOS backdoor hid in plain sight for years.
Attackers are wielding the sophisticated modular malware while exploiting CVE-2025-29824, a previously zero-day flaw in Windows Common Log File System (CLFS) that allows attackers to gain system-level privileges on compromised systems.
The threat actor linked to the exploitation of the recently disclosed security flaws in Microsoft SharePoint Server is using a bespoke command-and-control (C2) framework called AK47 C2 (also spelled ak47c2) in its operations
A threat actor with likely links to the Abyss ransomware group is leveraging an apparent zero-day vulnerability to deploy the "Overstep" backdoor on fully up-to-date appliances.
Hacking Group UNC6148 Steals Credentials With New OVERSTEP Rootkit, Google SaysA cybercrime group used a backdoor in a fully patched SonicWall appliance to steal credentials and may have sold the stolen data to ransomware groups as part of an ongoing campaign, Google Threat Intelligence Group found. The firm attributed the campaign to a cybercrime group it tracks as UNC6148.