Shirt a Phobia

Fast16 is a cyber sabotage framework and malware platform. Core components of the framework date back to approximately 2005, making it one of the earliest known examples of precision industrial sabotage, predating the public discovery of the Stuxnet worm by five years. The malware was identified by researchers from SentinelOne, who linked it to the signatures found in the 2017 Shadow Brokers leak of tools allegedly belonging to the National Security Agency.^[1]^[2]^[3]^[4]

The framework is characterized by its use of an embedded Lua virtual machine for modularity and a kernel-mode filesystem driver designed for “adversary-in-the-simulation” attacks. Unlike traditional malware designed for data exfiltration or system destruction, Fast16 targets high-precision engineering and simulation software, specifically suites such as LS-DYNA, AUTODYN, PKPM, and MOHID. It utilizes a rule-based engine to intercept executable files in memory and subtly patch floating-point arithmetic routines. These systematic manipulations are intended to produce inaccurate mathematical results in physical modeling, which could lead to inexplicable engineering failures or the sabotage of sensitive research, such as nuclear weapons simulations.^[5]

References

^ ^a ^b Kamluk, Vitaly; Guerrero-Saade, Juan Andrés (April 23, 2026). “fast16 | Mystery Shadow Brokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet”. SentinelOne.
^ Schneier, Bruce (April 30, 2026). “Fast16 Malware”. Schneier on Security.
^ Greenberg, Andy (April 23, 2026). “Newly Deciphered Sabotage Malware May Have Targeted Iran’s Nuclear Program—and Predates Stuxnet”. Wired.
^ Tyson, Mark (April 28, 2026). “Decades-old pre-Stuxnet cyber sabotage tool breaks cover, NSA listed it as ‘nothing to see here’ — fast16 targeted nuclear reactors, dam design, and other high-precision civil engineering software years before Stuxnet broke cover”. Tom’s Hardware.
^ “展示网空能力肌肉的”精神战”——对SentinelOne曝光fast16的综合分析” [A “psychological war” showcasing cyber capabilities: A comprehensive analysis of SentinelOne’s exposure of the fast16.]. antiy.cn (in Chinese).

[rdp-we-cite_note-SentinelOne-1] Kamluk, Vitaly; Guerrero-Saade, Juan Andrés (April 23, 2026). “fast16 | Mystery Shadow Brokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet”. SentinelOne.

[rdp-we-cite_note-Schneier-2] Schneier, Bruce (April 30, 2026). “Fast16 Malware”. Schneier on Security.

[rdp-we-cite_note-3] Greenberg, Andy (April 23, 2026). “Newly Deciphered Sabotage Malware May Have Targeted Iran’s Nuclear Program—and Predates Stuxnet”. Wired.

[rdp-we-cite_note-4] Tyson, Mark (April 28, 2026). “Decades-old pre-Stuxnet cyber sabotage tool breaks cover, NSA listed it as ‘nothing to see here’ — fast16 targeted nuclear reactors, dam design, and other high-precision civil engineering software years before Stuxnet broke cover”. Tom’s Hardware.

[rdp-we-cite_note-AntiyLabs-5] “展示网空能力肌肉的”精神战”——对SentinelOne曝光fast16的综合分析” [A “psychological war” showcasing cyber capabilities: A comprehensive analysis of SentinelOne’s exposure of the fast16.]. antiy.cn (in Chinese).

[1]

[2]

[3]

[4]

[5]

Sample Page

References