Fast16 Malware

Researchers have reverse-engineered a piece of malware named Fast16. It’s almost certainly state-sponsored, probably US in origin, and was deployed against Iran years before Stuxnet:

“…the Fast16 malware was designed to carry out the most subtle form of sabotage ever seen in an in-the-wild malware tool: By automatically spreading across networks and then silently manipulating computation processes in certain software applications that perform high-precision mathematical calculations and simulate physical phenomena, Fast16 can alter the results of those programs to cause failures that range from faulty research results to catastrophic damage to real-world equipment.”

Another news article.

Lots of interesting details at the links.

Posted on April 30, 2026 at 6:22 AM • 11 Comments

Comments

Rontea April 30, 2026 9:38 AM

This discovery underscores a fundamental truth in cyber operations: Attacks that manipulate the integrity of data are far more dangerous than those that merely steal or destroy it. Fast16 represents a class of malware designed to silently degrade trust in the computational results that modern critical infrastructure and research rely on. Unlike Stuxnet’s kinetic sabotage, this tool weaponizes subtlety—its effects could manifest as inexplicable equipment failures or flawed scientific conclusions, all while leaving minimal forensic evidence.

Clive Robinson April 30, 2026 10:28 AM

@ Bruce, ALL,

With regards,

“It’s almost certainly state-sponsored, probably US in origin”

Does any of that really matter?

The political points scoring along with “might is right” and other political rhetoric is just “fluff”.

What we actually need to know is,

1, “The harms” carried out,
2, “How to recognise/detect” them,
3, “How to stop or mitigate” them.

Because they will hurt the people targeted today. And those targeted in turn will hurt their attackers in revenge as and when they can.

Something history shows us over and over happens regardless of,

1, “The tools used”
2, “The disparity in tool technology or availability”.

Which means a cycle of violence builds up and will go on for a half century or more, as we can currently see… Which in turn will give rise to other such harms being started thus the cycle goes on for centuries if not millennia.

With the only people gaining being “fear-mongering politicians with authoritarian behaviour” and those that stand behind them for status and profit. With the rest of all societies being harmed (look at the Irish Troubles that got really nasty under Oliver Cromwell’s authority and how they spread out).

Or if you want “contemporary” why OPEC is starting to break up.

Those that have most to profit like the makers of arms etc, generally position themselves to not just make vast profit, but also in ways to best avoid any of the harms, for them or their families etc.

In some respects the hiding is easier for the actual operators currently, but less and less possible for the authoritarian initiators and their followers.

Clive da Plum Smuggler April 30, 2026 11:30 AM

@Clive,
you’re delusional, stop taking a dump here on this blog multiple times each and every day. Get a life man. Or is it the drugs you’re on?
I doubt it. I firmly believe that your toxic and narcissistic personality are to blame. Who da fck cares about your BS. Blah blah blah blah blah…..
$cum.

Clive Robinson April 30, 2026 12:49 PM

@ Bilbo Baggins, ALL,

With regards,

“9-Year-Old Linux Kernel Vulnerability “Copy Fail” Enables Full Root Access”

As a rule of thumb we generally put up such warnings on the current Friday Squid for two reasons,

1, They are easier to find using search tools.
2, They don’t derail other threads.

Anyway, this particular software error is a bit more than just this Current POC.

If you read,

https://xint.io/blog/copy-fail-linux-distributions#how-we-found-it-9

You will find the following note,

Note: The scan also identified other high severity vulnerabilities, including another privilege escalation bug. These other bugs are still in the responsible disclosure process.

Oh also that the way all these were all found…

A human “reasoned out” a new “class of attack” thus had a “notknown known” state of “instance, class”.

Then the AI “walked the code” and found in a fairly short order of time several now “potential, known” instances in the class. The human(s) then punched out some POC code either alone or with AI assistance, and these were tested.

Thus transforming the current instances mentioned in the new class within a very short period into “Known Knowns”…

This is the workflow I would expect to happen.

But remember the point I’ve made a few times now,

The AI in effect uses a form of fuzzing which will find vulnerability instances close to the class attribute centrum or major points much more readily than it will more distant instances that match some of the class instants.

Thus even what has been done so far is going to be at best “partial” thus it’s likely more instances that have attributes that fall in part or whole of this new class are yet to be found…

Weather April 30, 2026 7:14 PM

@Clive, All
CvP was that an oracle injected into every program and OS that mounted it, a castle where they are free to move around.

An aside note, can you find the brother and sister who thought it funny to go to the press because I was spraying with a knapsack, at that time.

Ismar May 1, 2026 5:29 PM

So what happens when someone does this to AI which is increasingly becoming our source of truth?!?

Andy May 2, 2026 6:09 AM

Exactly the type of error that Michael S. Rogers, when in charge of the NSA 2014-18, said kept him awake at night. If you were Rogers’ Russian and Chinese equivalent you should probably be paranoid the U.S. may have done this to you, as it’d be a very cost-effective way of crippling an adversary’s nuclear capability without firing a shot. Computer simulations may not be affected either, to give false comfort. It could be a defect introduced in CAD manufacturing. Warheads are incredibly complex; the compression of a nuclear warhead’s core is an extremely fast process, typically occurring within a timeframe of 1 to 5 microseconds (millionths of a second) in modern weapons. This explosive implosion, known as the primary, must be perfectly symmetrical to achieve supercriticality, with timing tolerances for detonators within roughly one microsecond of each other.

Clive Robinson May 2, 2026 7:20 AM

@ Ismar,

With regards,

“So what happens when someone does this to AI which is increasingly becoming our source of truth?!?”

Two points to think on,

1, What sensible people trust AI with more than one out of three error rate and search engines with a one in ten error rate but high presentation bias?

2, What makes you think current AI LLM and ML Systems are not already “doing it to themselves” by the way they work?

But to take it further, think about the way Current AI LLM and ML systems work they,

“Approximately pattern match by statistics with fuzzing.”

What level of accuracy would you genuinely expect from such a system?

Ismar May 3, 2026 5:35 AM

@Clive
Our human knowledge is also incomplete and open to bias and manipulation, but it looks like we are less inclined to question AI than other humans, which makes this problem even worse.
See automation bias and algorithm appreciation, but there also seems to be a ray of hope with algorithm aversion once a mistake is identified.
