Security News

Cybersecurity news aggregator

CRITICAL Attacks SC Media

Fast16 malware: Pre-Stuxnet sabotage tool discovered

The article details the Fast16 malware, a sophisticated, state-sponsored Lua-based sabotage tool that predates Stuxnet. It propagated via weak file share passwords and used a kernel driver to tamper with filesystem I/O, introducing systematic errors into high-precision calculation software like LS-DYNA and PKPM to cause physical degradation or damage. This discovery confirms that advanced cyber-sabotage capabilities were operational by the mid-2000s.

Malware, Security Operations, Threat Intelligence

April 27, 2026

By SC Staff

A sophisticated Lua-based sabotage malware, dubbed Fast16, has been discovered by SentinelOne. This malware predates the notorious Stuxnet and was designed to tamper with high-precision calculation software, according to a recent report by Security Week.

Fast16, referenced in a 2005 ShadowBrokers leak of NSA tools, utilized a Lua 5.0 virtual machine embedded within a service binary, "svcmgmt.exe," which controlled a kernel driver named "fast16.sys." This driver, designed for pre-Windows 7 systems, manipulated filesystem I/O and employed rule-based code patching, indicative of state-sponsored development. The malware propagated through weak passwords on file shares and included environmental awareness to avoid monitored systems.

Its primary function was to sabotage precision calculation tools used in fields like civil engineering and physics by introducing systematic errors into calculations, potentially leading to degraded systems or catastrophic damage. It targeted specific engineering and simulation suites, including LS-DYNA, PKPM, and the MOHID platform.

The discovery of Fast16 demonstrates that advanced state-grade cyber-sabotage capabilities were operational by the mid-2000s, bridging the gap between early development programs and later, more documented toolkits.

Source: Security Week