Home » Topics » Cybersecurity » Kaspersky claims new “cyber threat” discovery

Kaspersky claims new “cyber threat” discovery

Avatar photoby Ben Rossi

Kaspersky Lab, the Russian security software vendor, has claimed the discovery of a new "cyber threat", named Gauss, which is designed to steal data on bank accounts in Lebanon.

The discovery was made with the support of the UN’s International Telecommunication Union, which also assisted Kaspersky Lab in its discovery of the Flame Trojan earlier this year.

Gauss shares many technical characteristics with Flame, Kaspersky Lab said yesterday, including the fact that it can be transferred over USB drives.

"Gauss bears striking resemblances to Flame, such as its design and code base, which enabled us to discover the malicious programme," said Alexander Gostev, chief security expert at Kaspersky Lab. "However, its purpose was different to Flame or [Stuxnet-like ‘cyber espionage’ tool] Duqu. Gauss targets multiple users in select countries to steal large amounts of data, with a specific focus on banking and financial information.”

Gauss is designed to steal data related to online accounts at banks include the Bank of Beirut, Byblos Bank and Fransabank, it said.

It is also more widespread than Flame, the company claims, having infected around 2,500 machines, mainly in Lebanon, compared to Flame’s 700, primarily in Iran.

Kaspersky said that the first Gauss infections date back to around September 2011. Kaspersky and ITU discovered the malware in June 2012, and the command and control servers that co-ordinate it were shut down in July 2012.

The resemblence to Flame also leads Kaspersky to conclude that Gauss is a state-backed operation. "Code references and encryption subroutines, together with the Command and Control infrastructure make us believe Gauss was created by the same ‘factory’ which produced Flame," it said. "This indicates it is most likely a nation-state sponsored operation."

"This is the first publicly known nation-state sponsored banking Trojan," Kaspersky claims.

In June, the Washington Post reported that Flame was built by US and Israeli intelligence forces, citing "Western officials with knowledge of the effort". Kaspersky’s implication is that the same is true of Gauss.

Critics have questioned the ITU’s motives in collaborating with Kaspersky. The UN’s International Telecommunication Regulations are due to be renewed later this year, and US politicians have accused the ITU of wanting give the UN – and therefore China and Russia – greater control of the Internet.

Exposing US and Israeli-backed ‘cyber threats’ would, in theory, be a good bargaining chip in making the case for stronger UN control.

However, the ITU denies that there is any special relationship with Russia’s Kaspersky, saying it is one of many security vendors to participate in its IMPACT campaign against ‘cyber threats’.

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics

Related Stories

Cybersecurity

How AI will shift the security landscape in 2024

The impact of AI within cybersecurity is expected to grow significantly this year, says Alex Holland, senior malware analyst at HP

AI & Machine Learning

NCSC releases guidelines for secure AI development

New guidance from the National Cyber Security Centre (NCSC) aims to help businesses securely innovate with AI and minimise risks

Cybersecurity

3 cybersecurity compliance challenges and how to address them

Earning those trust seals can strengthen relationships with board members and prospective customers, but it sure isn’t easy.

Cybersecurity

70% of UK firms reported cyber insurance changes in past year

According to research from Databarracks, seven in 10 UK businesses have seen changes to their cyber insurance in the past 12 months, as requirements rise