A new analysis of the Lua-based fast16 malware confirms it was a cyber sabotage tool designed to tamper with nuclear weapons testing simulations. According to Symantec and Carbon Black teams, the pre-Stuxnet tool was engineered to corrupt uranium‑compression simulations central to nuclear weapon design, targeting LS-DYNA and AUTODYN via a three‑part hook engine.
The malware checks the density of the simulated material and only acts when that value passes 30 g/cm³, a threshold attainable only under shock compression in an implosion device. Researchers note that fast16 predates Stuxnet, with its development potentially dating back to 2005, and evidence ties the tooling to the Equation Group via a 2017 Shadow Brokers leak reference.
The framework contains 101 hook rules organized into about nine to ten groups, aimed at different builds of LS-DYNA or AUTODYN, suggesting a methodical, long‑running operation. Fast16 is designed to avoid infection on machines with certain security products and to propagate to other endpoints on the same network, ensuring tampered outputs across the simulation workforce.