Researchers have identified fast16, a sophisticated cyberweapon from 2005 that predates Stuxnet by five years. It secretly corrupted engineering simulations to sabotage nuclear and structural development projects.
Key Points
- Fast16 is a kernel-level driver that intercepted floating-point calculations to provide false, yet mathematically plausible, results to simulation software.
- The malware targeted specific applications, including the LS-DYNA explosion modeling suite and the PKPM structural engineering software used for nuclear reactor analysis.
- SentinelOne researchers discovered the malware after linking it to a "do-not-touch" entry in the 2017 ShadowBrokers leak, which is associated with the NSA’s Equation Group.
- The tool utilized a "cluster munition" architecture, allowing it to spread across networks and deploy different payloads via an embedded Lua scripting engine.
- Despite being uploaded to VirusTotal in 2016, the malware remained largely undetected by antivirus engines for nearly a decade.