
A Glimpse into the Past: How the Fast16 Virus Affected Transactions Without Noticeable Disruptions

UA.NEWS 01 May 2026 18:05

Researchers at SentinelOne have decrypted the old Fast16 malware, which was likely created as far back as 2005 and may have been used to covertly manipulate sensitive technological processes. For a long time, it was considered an insignificant fragment following the NSA data leaks, but its capabilities now appear to be far more sophisticated. It is a tool that did not directly compromise systems but covertly tampered with computational results, writes Wired.

 

The story of Fast16 began back in 2005, when, as researchers suggest, sophisticated malicious code was created that could be used in high-tech operations involving covert sabotage. Later, this code snippet appeared in the 2017 NSA leak released by the Shadow Brokers group, where it was even marked as “nothing interesting,” which effectively shelved its study for years.

Now, researchers at SentinelOne have reviewed this data and concluded that Fast16 was by no means a random or auxiliary tool, but rather part of a more complex system of covert influence on digital processes. Unlike the well-known Stuxnet, which physically destroyed hardware, Fast16 operated in a much more subtle and dangerous manner: it did not cause obvious malfunctions but acted within computational processes, gradually altering results without visible signs of interference.

Its mechanism of operation involved multi-layered infiltration into the Windows environment, where the virus established itself at the system kernel level and covertly monitored the launch of specific programs used in scientific and engineering calculations. When it detected the target software, it interfered with computational processes in system memory, altering results so subtly that the user could not immediately notice the tampering, but over time these micro-changes accumulated and affected final conclusions, simulations, or calculations.

Particularly dangerous was the self-propagation mechanism, which allowed it to infect multiple computers within a single laboratory or network simultaneously, creating a “coordinated error” effect where verifying data on another device merely confirmed the already distorted results. It was precisely this property that made the virus not just malicious code, but a tool for long-term influence, capable of undermining the accuracy of complex systems without leaving obvious traces of a classic cyberattack.
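The “coordinated error” effect can be shown with a toy model. The following is an added example, not code from the article or from SentinelOne's analysis, and it does not reproduce Fast16's behaviour: the growth factor, the skew value and all function names are constructed. It shows why comparing results between equally affected hosts passes, while a known-answer test against an independently derived reference catches the accumulated drift.

```python
from fractions import Fraction

GROWTH = 1.01   # constructed per-step factor of a toy iterative model
SKEW = 1e-6     # constructed relative error added to every multiplication

def clean_mul(a, b):
    return a * b

def tampered_mul(a, b):
    # Assumption: stands in for a host whose arithmetic is slightly skewed.
    return a * b * (1.0 + SKEW)

def simulate(mul, steps):
    """Iterate x <- x * GROWTH using the host's multiply routine."""
    x = 1.0
    for _ in range(steps):
        x = mul(x, GROWTH)
    return x

def relative_error(result, steps):
    """Error against a known answer computed with exact rational arithmetic.
    In practice the reference must come from a separate, trusted system."""
    ref = Fraction(101, 100) ** steps
    return float(abs(Fraction(result) - ref) / ref)

def peers_agree(results, tol=1e-9):
    """Cross-check between hosts: does every result match the first one?"""
    first = results[0]
    return all(abs(r - first) <= tol * abs(first) for r in results)

def passes_known_answer(result, steps, tol=1e-9):
    """Known-answer test: is the result within tol of the exact reference?"""
    return relative_error(result, steps) <= tol

if __name__ == "__main__":
    lab = [simulate(tampered_mul, 1000) for _ in range(3)]  # three skewed hosts
    print("peers agree:       ", peers_agree(lab))
    print("known-answer test: ", passes_known_answer(lab[0], 1000))
    print("drift after 1 step:", relative_error(simulate(tampered_mul, 1), 1))
    print("drift after 1000:  ", relative_error(lab[0], 1000))
```

The per-step skew stays far below what a spot check of a single operation would flag, yet after a thousand iterations the result is off by roughly a tenth of a percent, and only the independent reference reveals it.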
