Fast16: High-precision software sabotage 5 years before Stuxnet


Why This Matters

Reveals the earliest sophisticated cyber sabotage operation, predating Stuxnet by five years.

SentinelLabs uncovered fast16, a cyber sabotage framework from 2005 that selectively targets high-precision calculation software by patching code in memory to tamper with results. The attack predates Stuxnet by five years and represents the first operation of its kind.

SentinelLabs discovered fast16, a previously undocumented cyber sabotage framework with core components dating to 2005. The fast16.sys driver selectively targets high-precision calculation software, patching code in memory to produce inaccurate results across entire facilities. The framework combines payload delivery with self-propagation mechanisms and uses an embedded customized Lua virtual machine, predating similar implementations in Flame by three years. The attack targets expensive high-precision computing workloads of national importance including advanced physics, cryptographic, and nuclear research. The name 'fast16' appears in the ShadowBrokers' leak of NSA's 'Territorial Dispute' components, with an evasion signature stating 'fast16 *** Nothing to see here – carry on ***'. Investigation began with analysis of svcmgmt.exe, a 2005 service binary containing an embedded Lua 5.0 virtual machine and encrypted bytecode.

Source

sentinelone.com