SentinelOne researchers uncovered fast16, a previously undocumented Lua-based malware framework from 2005 designed to corrupt high-precision scientific and engineering calculations. The tool predates Stuxnet, used a “cluster munition” wormlet delivery to spread, and targeted packages like LS-DYNA 970, PKPM, and MOHID, showing this sabotage vector remains relevant today. #fast16 #LSDYNA970
Keypoints
- fast16 is an early (circa 2005) Lua-based malware framework that subtly corrupts mathematical outputs in precision-focused software.
- The discovery predates Stuxnet and rewrites timelines about when state-level cyber sabotage matured.
- fast16 distributed payloads via a “cluster munition” approach, dropping multiple wormlets to maximize spread in target environments.
- SentinelOne identified likely targets as LS-DYNA 970, PKPM, and the MOHID hydrodynamic modeling platform used in simulation and engineering tasks.
- The malware runs on obsolete uniprocessor Windows XP systems, but the underlying high-precision sabotage vector remains relevant and YARA rules have been published for detection.
Read More: https://www.darkreading.com/cyber-risk/20-year-old-malware-rewrites-history-of-cyber-sabotage