Skip to content
Cyvex Security

Fast16: Pre-Stuxnet malware that targeted precision engineering software

Fast16 is a pre-Stuxnet malware that tampered with precision software and spread itself. Evidence suggests links to U.S. operations during early cyber tensions. SentinelOne uncovered Fast16, a sabotage malware used in 2005, years before Stuxnet. The malicious code is written in Lua and targeted high-precision calculation software, altering results and spreading across systems. The malware […]

SentinelOne uncovered Fast16, a sabotage malware used in 2005, years before Stuxnet. The malicious code is written in Lua and targeted high-precision calculation software, altering results and spreading across systems. The malware appeared in the ShadowBrokers leak of NSA tools, and evidence suggests it may have been developed by the United States, highlighting early cyber operations linked to tensions with Iran.

Researchers traced early advanced malware design by searching for the first use of embedded Lua engines, a feature later seen in tools like Flame and Project Sauron. Lua enables modular, flexible malware without recompilation. The analysis led to a 2005 sample, svcmgmt.exe, which contained an embedded Lua VM and encrypted bytecode. Though it looked like a simple service binary, deeper analysis revealed a sophisticated implant with encryption, Windows API access, and modular design. A debug path linked it to the fast16.sys driver, tying it to the early Fast16 framework.

Source: https://securityaffairs.com/191325/malware/fast16-pre-stuxnet-malware-that-targeted-precision-engineering-software.html

Related breach coverage

  • NCSC launches SilentGlass, a plug-in device to secure HDMI and DisplayPort links
    2026-04-28

    NCSC’s SilentGlass blocks malicious HDMI/DisplayPort links, protecting monitors from hardware attacks. Now commercialized for global use. The UK’s National Cyber Security Centre (NCSC) has launched SilentGlass, a new device to protect one of the most overlooked parts of modern IT systems: the physical links between screens and computers. It is a small plug-in security device […]

  • GopherWhisper: new China-linked APT targets Mongolia with Go-based malware
    2026-04-26

    ESET found a new China-linked APT, tracked as GopherWhisper, targeting Mongolia using Go-based malware, loaders, and backdoors. ESET researchers uncovered a new China-aligned APT group called GopherWhisper, targeting government institutions in Mongolia. The group’s arsenal includes a range of tools mainly written in Go, such as loaders and injectors, which are used to deploy multiple […]

  • Hackers earning millions from hijacked cargo, FBI says
    2026-04-30

    In an advisory this week, FBI officials said cyber actors have spent the last two years breaking into the systems of brokers and carriers — allowing them to pose as victim companies and post fraudulent listings on freight delivery message boards.

  • Signal Phishing Campaign Targets German Officials in Suspected Russian Operation
    2026-04-28

    Suspected Russian phishing via Signal targeted German officials, exploiting trust to access accounts and sensitive political communications. A new wave of cyber operations targeting European political leadership is once again highlighting how modern espionage increasingly relies on deception rather than technical exploits. Recent investigations by German authorities point to a large-scale phishing campaign conducted via […]