Discovery of Sabotage Malware 'fast16' Predating Stuxnet
Severity: Medium (Score: 58.0)
Sources: www.sentinelone.com, The Register
Summary
SentinelOne researchers have identified malware known as 'fast16' that appears to have been created around 2005, predating the infamous Stuxnet worm. The malware targets engineering and physics simulation software, specifically aiming to induce errors in calculations that could lead to real-world consequences. The analysis revealed that fast16 attempts to install a worm and deploy a driver, 'fast16.sys', which modifies floating-point calculations. The targeted software includes LS-DYNA 970, PKPM, and the MOHID hydrodynamic modeling platform, all of which were used in high-precision engineering scenarios. The malware's existence suggests a long-term strategy for state-sponsored cyber sabotage, particularly in contexts related to national security, such as Iran's nuclear program. The findings were presented at the Black Hat Asia conference, where the researchers disclosed their work to the vendors of the affected applications. This discovery highlights the evolution of advanced persistent threats (APTs) and the covert nature of early cyber weapons.
Key Points:
- The malware 'fast16' is believed to have been created around 2005, predating Stuxnet.
- It targets engineering simulation software, potentially impacting critical infrastructure.
- The discovery emphasizes the evolution of state-sponsored cyber sabotage tactics.
Key Entities
- Malware (attack_type)
- Worm (attack_type)
- Iran (country)
- United States (country)
- Animal Farm (malware)
- Fast16 (malware)
- Flame (malware)
- Project Sauron (malware)
- Stuxnet (malware)
- LS-DYNA 970 (platform)
- MOHID (platform)
- PKPM (platform)
- Windows XP (platform)
- LuaJIT (platform)
- Lua (mitre_attack)