Gauss

  • First known sample

    2011
  • Discovery

    2012
  • Number of targets

    3000-10000
  • Current status

    Inactive since 2013
  • Type

    Cyberespionage toolkit
  • Targeted platforms

    Windows
  • TOP targeted countries

    Israel , Lebanon , Palestine , Syria
  • Connected attacks

  • The way of propagation

    USB drives
  • Purpose/Functions

    Cyberespionage
  • Special features
    The Gauss code includes commands to intercept data from users of Lebanese banks.
  • Targets

    Specific individuals
  • Artefacts/Attribution
    Gauss is based on the Flame platform. It shares some functionality with Flame, such as the USB infection subroutines.
  • Description

    A complex cyber-espionage toolkit created by the same actors behind the Flame malware platform. The main modules possesses significant data-stealing capabilities, including the ability to steal online banking credentials; it also contains an encrypted payload. This malware infected thousands of machines in the Middle East, primarily Lebanon, from 2011 to 2013.

    Additional information