Fast16: Pre-Stuxnet Sabotage Tool Was Built to Subvert Nuclear Weapons Simulations

Symantec analysis of the 'fast16' sabotage framework describes a long-running, highly targeted malware operation that embeds a Lua-capable service, installs a kernel filesystem filter driver, and applies 101 precise hook rules to selectively corrupt LS-DYNA and AUTODYN simulation outputs. The malware triggers only under narrow conditions (specific EOS selections, material densities around 30 g/cm³, and other simulation attributes), appears tailored to disrupt uranium implosion/nuclear detonation simulations, propagates within local networks via share enumeration and impersonation, and maintains stealthy persistence via IFEO and a signed-seeming driver install.