It was a full-fledged sabotage tool of a new type.

Researchers at SentinelOne have decrypted the Fast16 virus, created back in 2005 and likely developed by the USA or Israel for covert sabotage of Iran's nuclear program.
Interestingly, the malware sample remained a mystery for a long time after the NSA data leak by the Shadow Brokers group in 2017, where it appeared with the label: "Nothing interesting, do not touch".
Only now has it become clear that this was not a spy tool, like the other viruses that were part of the leak, but a full-fledged sabotage tool of a new type.
Unlike the conceptually similar Stuxnet virus, which physically disabled equipment, Fast16 was designed for long-term and imperceptible operation within an enemy network.
The virus's operational mechanics were quite sophisticated for its time: it spread through Windows network resources, established itself at the kernel level, and tracked the launch of specific scientific and engineering programs.
When the virus found the necessary software, it interfered directly with the calculation process, substituting results at the memory level.
This did not involve crude errors, but rather minimal deviations that accumulated and led to incorrect conclusions, accelerated wear and tear of systems, or malfunctions in complex mechanisms.
The built-in self-propagation mechanism could infect several machines simultaneously in one laboratory or a shared network, so attempting to re-verify calculations on another computer only confirmed the already corrupted data.