The bottom line: Fast16 malware was a pre-Stuxnet sabotage tool for manipulating nuclear weapons simulations. With 101 precise manipulation rules, it sabotaged high explosive simulations in LS-DYNA and AUTODYN, possibly developed from 2005 by the NSA-linked Equation Group.
A new analysis of the Lua-based malware Fast16 confirms it was a cyber-sabotage tool specifically designed to manipulate nuclear weapons test simulations. The malware was designed to falsify uranium compression simulations.
Joint investigations by the security teams of Symantec and Carbon Black have revealed that Fast16 was a precisely engineered sabotage instrument. The malware used a specialized hook system to deliberately manipulate high explosive simulations in the software programs LS-DYNA and AUTODYN. The system checked material density and reacted only at values above 30 g/cm³ – precisely the threshold that uranium reaches only under shock compression through implosion devices.
The discovery gains significance through temporal correlations: SentinelOne dated Fast16’s development to around 2005, two years before the earliest known Stuxnet derivative. Evidence was found in files published in 2017 by the hacker group Shadow Brokers – material attributed to the Equation Group, a state-sponsored threat group with connections to the American NSA.
The sophisticated malware system contained 101 manipulation rules, organized into nine to ten hook groups. These specialized rule groups targeted different software versions and indicate a methodical, long-running campaign. The manipulation activated specifically during simulations of explosive detonations and transient blast scenarios – clear evidence of targeted sabotage against nuclear weapons research.