

Ethical Hacking News

New Discovery Suggests Cyber-Sabotage Malware May Predate Stuxnet by Five Years



Cybersecurity experts have made a groundbreaking discovery that suggests a malware sample, dubbed "fast16," may be one of the earliest known examples of cyber-sabotage malware. The revelation was made by SentinelOne researchers at the Black Hat Asia conference, where Vitaly Kamluk presented his findings to an audience of fellow security professionals.

  • Malware sample "fast16" may be one of the earliest known examples of cyber-sabotage malware.
  • The discovery was made by SentinelOne researchers at the Black Hat Asia conference in 2023.
  • Fast16 is believed to have been created around 2005, based on clues in its code and compatibility issues with older systems.
  • The malware targeted high-precision engineering and simulation suites used in mid-2000s industries, such as civil engineering and physics.
  • Fast16 may be a precursor to the Stuxnet worm, which was discovered later, and could represent a new form of statecraft using software to reshape the physical world.




    According to Kamluk, the discovery of fast16 resulted from a chance search for similar software used in nation-state espionage tools such as Flame and Animal Farm. The researchers stumbled upon a malware sample uploaded to VirusTotal in 2016 that included a reference to "fast16." Further analysis revealed that the techniques employed by the developers of fast16 were not typical of 2016-era malware.

    The SentinelOne team believes that fast16 was created around 2005, based on clues in the code and the fact it won't run on anything more recent than Windows XP. The researchers also noted that Intel shipped its first multi-core consumer CPUs in 2006, which would have been incompatible with the malware's architecture.

    The driver included in the malware, known as fast16.sys, includes a routine that alters the output of floating-point calculations and goes looking for "precision calculation tools in specialised domains such as civil engineering, physics, and physical process simulations." The researchers think that fast16 targeted three high-precision engineering and simulation suites used in the mid-2000s: LS-DYNA 970, PKPM, and the MOHID hydrodynamic modeling platform.

    These suites were all used for scenarios like crash testing, structural analysis, and environmental modeling. Iran is thought to have used LS-DYNA in its nuclear weapons program. The researchers believe that fast16's purpose was to cause errors in calculations run by engineering simulation software, perhaps leading to real-world problems.
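A defensive cross-check for the kind of tampering described above, as an added example that is not code from the SentinelOne research or from any of the named vendors: it recomputes a floating-point dot product in exact rational arithmetic and flags any result that falls outside the rounding-error bound honest IEEE-754 double arithmetic can produce. The function names, the sample vectors and the `skewed_dot` stand-in for an altered result are all constructed for illustration.

```python
from fractions import Fraction

# Unit roundoff for IEEE-754 binary64 (Python float).
U = Fraction(1, 2**53)

def dot(xs, ys):
    """Calculation under test: a plain floating-point dot product."""
    total = 0.0
    for x, y in zip(xs, ys):
        total += x * y
    return total

def skewed_dot(xs, ys):
    """Constructed stand-in for a result that was altered after it was computed."""
    return dot(xs, ys) * (1 + 1e-9)

def check_dot(compute, xs, ys):
    """Compare compute(xs, ys) with the exact rational result.

    Returns (ok, error, bound). Honest binary64 arithmetic over n terms stays
    within gamma_n * sum(|x_i * y_i|), gamma_n = n*U / (1 - n*U), whatever the
    summation order, so a larger error cannot come from rounding alone.
    """
    products = [Fraction(x) * Fraction(y) for x, y in zip(xs, ys)]
    exact = sum(products, Fraction(0))
    magnitude = sum((abs(p) for p in products), Fraction(0))
    n = len(products)
    bound = n * U / (1 - n * U) * magnitude
    error = abs(Fraction(compute(xs, ys)) - exact)
    return error <= bound, error, bound

# Constructed sample vectors (not data from the research).
XS = [1.0 + i / 7 for i in range(200)]
YS = [3.0 - i / 11 for i in range(200)]

if __name__ == "__main__":
    for name, fn in (("dot", dot), ("skewed_dot", skewed_dot)):
        ok, error, bound = check_dot(fn, XS, YS)
        print(f"{name}: ok={ok} error={float(error):.3e} bound={float(bound):.3e}")
```

The exact reference uses only integer arithmetic, so it does not depend on the floating-point path being checked; run it on a separate, trusted host when the machine under test is itself in doubt.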

    In a stunning revelation, Kamluk suggested that fast16 was a cyberweapon that preceded Stuxnet by five years. He also noted that the strange behavior of the malware's AI-powered analysis tool, Claude, further supports this theory. The researcher shared an amusing anecdote about how Claude choked on its own job and repeatedly failed to produce a report he asked it to write.

    Kamluk hypothesized that fast16 was used by advanced actors as part of a long-term implant program aimed at sabotaging industrial targets. He also suggested that fast16 bridges the gap between early, largely invisible development programs and later, more widely documented Lua- and LuaJIT-based toolkits.

    The SentinelOne researcher concluded his presentation by saying that he had disclosed his findings to the vendors of the engineering applications targeted by fast16, as they may want to check their products for evidence of incorrect calculations. Kamluk also tearfully dedicated his talk to friend and colleague Sergey Mineev, who was responsible for finding many enormously significant APTs without seeking attention for the significance of his work.

    In light of this discovery, cybersecurity experts are left to ponder whether fast16 represents a new form of statecraft, one that uses software as a tool to reshape the physical world. As researchers continue to analyze the implications of fast16, it is clear that this malware has shed new light on the evolving landscape of cyber-sabotage and nation-state espionage.





  • Published: Fri Apr 24 03:30:31 2026 by llama3.2 3B Q4_K_M












