Fast16

Malware details
Technical name: As Fast16
  • Trojan:WinNT/FastSixteen.A!dha
  • Mal/Generic-S
  • Trojan.Win32.Fast16.a
  • Mal_Strat-3
Type: Rootkit
Classification: Computer worm
Origin: United States
Author: Equation Group[1]

Cyberattack event
Target:
  • LS-DYNA 970
  • PKPM
  • MOHID

Technical details
Size: ~43 kB (fast16.sys), ~308 KB (svcmgmt.exe)
Written in: Lua, C, C++

Fast16 is a cyber sabotage framework and malware platform. Core components of the framework date back to approximately 2005, making it one of the earliest known examples of precision industrial sabotage, predating the public discovery of the Stuxnet worm by five years. The malware was identified by researchers from SentinelOne, who linked it to the signatures found in the 2017 Shadow Brokers leak of tools allegedly belonging to the National Security Agency.[1][2][3][4]

The framework is characterized by its use of an embedded Lua virtual machine for modularity and a kernel-mode filesystem driver designed for "adversary-in-the-simulation" attacks. Unlike traditional malware designed for data exfiltration or system destruction, Fast16 targets high-precision engineering and simulation software, specifically suites such as LS-DYNA, AUTODYN, PKPM, and MOHID. It utilizes a rule-based engine to intercept executable files in memory and subtly patch floating-point arithmetic routines. These systematic manipulations are intended to produce inaccurate mathematical results in physical modeling, which could lead to inexplicable engineering failures or the sabotage of sensitive research, such as nuclear weapons simulations.[5]

References

  1. Kamluk, Vitaly; Guerrero-Saade, Juan Andrés (April 23, 2026). "fast16 | Mystery Shadow Brokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet". SentinelOne.
  2. Schneier, Bruce (April 30, 2026). "Fast16 Malware". Schneier on Security.
  3. Greenberg, Andy (April 23, 2026). "Newly Deciphered Sabotage Malware May Have Targeted Iran's Nuclear Program—and Predates Stuxnet". Wired.
  4. Tyson, Mark (April 28, 2026). "Decades-old pre-Stuxnet cyber sabotage tool breaks cover, NSA listed it as 'nothing to see here' — fast16 targeted nuclear reactors, dam design, and other high-precision civil engineering software years before Stuxnet broke cover". Tom's Hardware.
  5. "展示网空能力肌肉的"精神战"——对SentinelOne曝光fast16的综合分析" [A "psychological war" showcasing cyber capabilities: A comprehensive analysis of SentinelOne's exposure of fast16]. antiy.cn (in Chinese).

Content Disclaimer

This information is summarized from Wikipedia and re-presented for educational purposes. The content is available under the CC BY-SA 3.0 license. We are not responsible for inaccuracies in data sourced from those public contributions.
