APT / THREAT GROUP
fast16
2
aliases
Last seen:May 8, 2026
Intelligence Profile
According to SentinelLABS, this is a cyber sabotage framework whose core components date back to 2005, tracked as fast16. fast16.sys selectively targets high-precision calculation software, patching code in memory to tamper with results. By combining this payload with self-propagation mechanisms, the attackers aim to produce equivalent inaccurate calculations across an entire facility. The name ‘fast16’ is referenced in the infamous ShadowBrokers’ leak of NSA’s ‘Territorial Dispute’ components.
Threat Analysis
fast16 is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.
Intelligence Reports Mentioning fast16
Pre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons Simulations
The Hacker News· May 18, 2026
⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More
The Hacker News· Apr 27, 2026
Researchers Identify Fast16 Sabotage Malware That Pre-Dates Stuxnet
Infosecurity Magazine· Apr 27, 2026
Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software
The Hacker News· Apr 25, 2026
Pre-Stuxnet Sabotage Malware ‘Fast16’ Linked to US-Iran Cyber Tensions
SecurityWeek· Apr 24, 2026
Newly Deciphered Sabotage Malware May Have Targeted Iran’s Nuclear Program—and Predates Stuxnet
Wired Security· Apr 23, 2026
External References
Quick Facts
TypeAPT / Threat Group
Aliases2
Also Known As
fast16win.fast16
External Intelligence
Malpedia: win.fast16Research Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.