A sophisticated Lua-based sabotage malware, dubbed Fast16, has been discovered by SentinelOne. This malware predates the notorious Stuxnet and was designed to tamper with high-precision calculation software, according to a recent report by Security Week.

Fast16, referenced in a 2005 ShadowBrokers leak of NSA tools, utilized a Lua 5.0 virtual machine embedded within a service binary, “svcmgmt.exe,” which controlled a kernel driver named “fast16.sys.” This driver, designed for pre-Windows 7 systems, manipulated filesystem I/O and employed rule-based code patching, indicative of state-sponsored development. The malware propagated through weak passwords on file shares and included environmental awareness to avoid monitored systems. Its primary function was to sabotage precision calculation tools used in fields like civil engineering and physics by introducing systematic errors into calculations, potentially leading to degraded systems or catastrophic damage. It targeted specific engineering and simulation suites, including LS-DYNA, PKPM, and the MOHID platform.

The discovery of Fast16 demonstrates that advanced state-grade cyber-sabotage capabilities were operational by the mid-2000s, bridging the gap between early development programs and later, more documented toolkits.

Source: Security Week
