APT / THREAT GROUP

fast16

2
aliases
Last seen:May 8, 2026

Intelligence Profile

According to SentinelLABS, this is a cyber sabotage framework whose core components date back to 2005, tracked as fast16. fast16.sys selectively targets high-precision calculation software, patching code in memory to tamper with results. By combining this payload with self-propagation mechanisms, the attackers aim to produce equivalent inaccurate calculations across an entire facility. The name ‘fast16’ is referenced in the infamous ShadowBrokers’ leak of NSA’s ‘Territorial Dispute’ components.

Threat Analysis

fast16 is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

Intelligence Reports Mentioning fast16

External References

Quick Facts

TypeAPT / Threat Group
Aliases2

Also Known As

fast16win.fast16

External Intelligence

Malpedia: win.fast16

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.
fast16 — APT / Threat Group | Threat Intelligence | CTIWATCH.COM