HeadlinesBriefing.com

Fast16: The 21-Year-Old Cyberweapon That Corrupted Nuclear Simulations

Hacker News

Researchers at SentinelOne have uncovered a sophisticated cyberweapon that operated undetected for 21 years, predating Stuxnet by five years. Fast16 was discovered by Vitaly Kamluk and Juan Andrés Guerrero-Saade, who presented their findings at Black Hat Asia. The malware's core binary was compiled on August 30, 2005—months before Stuxnet's command-and-control infrastructure came online. Unlike Stuxnet, which physically destroyed centrifuges, Fast16 took a subtler approach: it corrupted the mathematics in engineering simulations, producing results that looked correct but were deliberately wrong.

The malware represents the earliest known Windows implant to embed a Lua scripting engine, giving operators remote control over its behavior. It targeted three specific software suites: LS-DYNA 970 (used for modeling nuclear weapons explosive triggers), PKPM (China's dominant structural engineering tool also used for seismic analysis of nuclear facilities), and MOHID (water modeling software). Using 101 pattern-matching rules, the kernel driver intercepted floating-point calculations and injected corrupted values while leaving the original files on disk untouched. Scientists would see perfectly reasonable results with no indication anything was wrong.

The attack architecture reveals careful operational planning. Fast16 checked the registry for specific security products—Kaspersky, Symantec, McAfee, F-Secure, Zone Labs—and only ran on single-core processors, matching its 2005-era targets. Its "cluster munition" design included empty compartments for additional payloads that may never have been discovered. Whether other variants with different targets exist remains an open question.