These integrations show up in the form of separate commands that the backdoor supports.
One command performs raw physical disk wiping by overwriting drives and removing partition metadata. Another borrows from the Crucio ransomware family, encrypting files with randomly generated keys that are intentionally never stored, making recovery impossible despite presenting itself like ransomware.
A third command recreates the functionality of FlockWiper, implementing secure multi-pass wiping in Go to permanently erase data on Windows systems.
“We tied GigaWiper to both Crucio and FlockWiper based on code analysis, shared execution flow, function naming, and unique strings,” the researchers said. “Crucio’s code was the base for GigaWiper command 3, and FlockWiper was re-coded in Golang and updated for GigaWiper command 12,” they noted, referring to the 20 listed commands the backdoor supports.
Click Here For The Original Source.
