Sign up to save your podcasts
Or
Share Cracking the Fast16 sabotage malware mystery
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Cracking the Fast16 sabotage malware mystery
(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.)
Three Buddy Problem - Episode 96: We're joined by WIRED writer Andy Greenberg to dig into SentinelLabs' bombshell FAST16 research, a newly deciphered piece of sabotage malware that predates Stuxnet by five years and quietly tampered with physics modeling software likely tied to Iran's nuclear program.
We discuss the attribution rabbit hole (NSA? Israel? someone else?), the eerie "spiritual warfare" implications of corrupting scientific calculations, and Antiy Labs' very dialectical Chinese rebuttal. Plus, what AI reverse-engineering means for the next decade of cyber paleontology.
Cast: Andy Greenberg, Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.
Timestamps:
0:00 - WIRED’s Andy Greenberg joins the show
1:53 - How the FAST16 scoop landed in Andy's lap
6:45 - JAGS sat on this sample for 7 years
10:33 - How Costin and the Kaspersky team missed the sabotage routine
15:20 - The "holy moly" moment: what FAST16 actually does
18:26 - Territorial Dispute, Shadow Brokers, and the driver list
24:11 - The targets: MOHID, PKPM, and LS-DYNA's link to Iran
28:13 - No C&C, no victims: a worm built for air-gapped networks
34:45 - Was this part of a larger anti-Iran toolkit?
37:55 - Attribution: NSA, Israel, or someone else entirely?
51:39 - What was the actual sabotage? Unanswered questions
55:48 - "Spiritual warfare": the psychological angle and trust in computers
1:20:05 - Equities, going public, and the case for AI-powered reversing
1:32:19 - Antiy Labs' Chinese rebuttal and the apparatchik tone
1:43:04 - Shoutouts: Sergey Mineev, LabsCon CFP, PivotCon, and Ekoparty
Links:
- Transcript
- fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet
- Flame: A complex malware for targeted attacks
- Territorial Dispute – NSA's perspective on APT landscape
- Newly Deciphered Sabotage Malware May Have Targeted Iran’s Nuclear Program - and Predates Stuxnet
- Kim Zetter's Countdown to Zero Day
- An Unprecedented Look at Stuxnet, the World's First Digital Weapon
- The Flame: Questions and Answers (Kaspersky)
- SentinelLabs
- Andy Greenberg on X
- TLPBLACK
- Antiy Labs: “Psychological Warfare” to Show Off Cyber Capabilities
- Who’s Really Spreading through the Bright Star?
- LABScon 2026 CFP
- Ekoparty Miami 2026 (Agenda)
- PIVOTcon Agenda
- Decipher: Fast16, Stuxnet, and the History of Cyber Espionage
View all episodes
By Security Conversations
4.9
6161 ratings
(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.)
Three Buddy Problem - Episode 96: We're joined by WIRED writer Andy Greenberg to dig into SentinelLabs' bombshell FAST16 research, a newly deciphered piece of sabotage malware that predates Stuxnet by five years and quietly tampered with physics modeling software likely tied to Iran's nuclear program.
We discuss the attribution rabbit hole (NSA? Israel? someone else?), the eerie "spiritual warfare" implications of corrupting scientific calculations, and Antiy Labs' very dialectical Chinese rebuttal. Plus, what AI reverse-engineering means for the next decade of cyber paleontology.
Cast: Andy Greenberg, Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.
Timestamps:
0:00 - WIRED’s Andy Greenberg joins the show
1:53 - How the FAST16 scoop landed in Andy's lap
6:45 - JAGS sat on this sample for 7 years
10:33 - How Costin and the Kaspersky team missed the sabotage routine
15:20 - The "holy moly" moment: what FAST16 actually does
18:26 - Territorial Dispute, Shadow Brokers, and the driver list
24:11 - The targets: MOHID, PKPM, and LS-DYNA's link to Iran
28:13 - No C&C, no victims: a worm built for air-gapped networks
34:45 - Was this part of a larger anti-Iran toolkit?
37:55 - Attribution: NSA, Israel, or someone else entirely?
51:39 - What was the actual sabotage? Unanswered questions
55:48 - "Spiritual warfare": the psychological angle and trust in computers
1:20:05 - Equities, going public, and the case for AI-powered reversing
1:32:19 - Antiy Labs' Chinese rebuttal and the apparatchik tone
1:43:04 - Shoutouts: Sergey Mineev, LabsCon CFP, PivotCon, and Ekoparty
Links:
- Transcript
- fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet
- Flame: A complex malware for targeted attacks
- Territorial Dispute – NSA's perspective on APT landscape
- Newly Deciphered Sabotage Malware May Have Targeted Iran’s Nuclear Program - and Predates Stuxnet
- Kim Zetter's Countdown to Zero Day
- An Unprecedented Look at Stuxnet, the World's First Digital Weapon
- The Flame: Questions and Answers (Kaspersky)
- SentinelLabs
- Andy Greenberg on X
- TLPBLACK
- Antiy Labs: “Psychological Warfare” to Show Off Cyber Capabilities
- Who’s Really Spreading through the Bright Star?
- LABScon 2026 CFP
- Ekoparty Miami 2026 (Agenda)
- PIVOTcon Agenda
- Decipher: Fast16, Stuxnet, and the History of Cyber Espionage
More shows like Three Buddy Problem
View all
Hacked
187 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
372 Listeners
Risky Business
371 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
651 Listeners
CyberWire Daily
1,028 Listeners
Smashing Security
317 Listeners
Click Here
418 Listeners
Darknet Diaries
8,077 Listeners
Cybersecurity Today
175 Listeners
Hacking Humans
315 Listeners
CISO Series Podcast
195 Listeners
Defense in Depth
73 Listeners
Cybersecurity Headlines
139 Listeners
Risky Bulletin
45 Listeners
The 404 Media Podcast
398 Listeners