
Discovery of Fast16 Malware: Precursor to Stuxnet Targeting Iranian Nuclear Program

Severity: High (Score: 72.5)

Sources: Thehackernews, Infosecurity-Magazine, News.Ycombinator, url.us.m.mimecastprotect.com, Darkreading

Summary

Researchers at SentinelOne have uncovered a malware framework named Fast16, which dates back to 2005 and predates the infamous Stuxnet worm by five years. Fast16 is designed to subtly corrupt high-precision mathematical computations, specifically targeting systems involved in nuclear and engineering simulations. The malware embeds a Lua scripting engine within its binary, which lets it alter computational outputs while evading detection. Its delivery mechanism resembles a 'cluster munition,' deploying multiple payloads across vulnerable systems. Fast16's discovery challenges the accepted timeline of cyber warfare, indicating that sophisticated state-sponsored cyber sabotage efforts were underway long before Stuxnet became public in 2010. The malware's components were found to reference critical engineering software used in Iran's nuclear program, suggesting a targeted effort to undermine its capabilities. The implications of this finding extend to understanding the evolution of cyber weapons and their potential impact on national security.

Key Points

  • Fast16 malware predates Stuxnet by five years, dating back to 2005.
  • It targets high-precision computing systems, subtly corrupting mathematical outputs.
  • The discovery alters perceptions of early state-sponsored cyber sabotage capabilities.

Key Entities

  • Equation Group (apt_group)
  • Malware (attack_type)
  • Trojan (attack_type)
  • Worm (attack_type)
  • Stuxnet Campaign (campaign)
  • Egypt (country)
  • Germany (country)
  • Hungary (country)
  • Iran (country)
  • Israel (country)
  • CWE-287 - Improper Authentication (cwe)
  • khabaronline.ir (domain)
  • Duqu (malware)
  • Fast16 (malware)
  • Flame (malware)
  • Flame 2.0 (malware)
  • Gauss (malware)
  • T1003 - OS Credential Dumping (mitre_attack)
  • T1012 - Query Registry (mitre_attack)
  • T1021.002 - SMB/Windows Admin Shares (mitre_attack)
  • T1021 - Remote Services (mitre_attack)
  • T1041 - Exfiltration Over C2 Channel (mitre_attack)
  • Windows (platform)