{"id":248113,"date":"2026-05-18T02:46:00","date_gmt":"2026-05-18T06:46:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/18\/pre-stuxnet-fast16-malware-tampered-with-nuclear-weapons-simulations\/"},"modified":"2026-05-18T05:15:07","modified_gmt":"2026-05-18T09:15:07","slug":"pre-stuxnet-fast16-malware-tampered-with-nuclear-weapons-simulations","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/18\/pre-stuxnet-fast16-malware-tampered-with-nuclear-weapons-simulations\/","title":{"rendered":"Pre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons Simulations"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/05\/pre-stuxnet-fast16-malware-tampered.html\">Pre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons Simulations<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/05\/pre-stuxnet-fast16-malware-tampered.html\">https:\/\/thehackernews.com\/2026\/05\/pre-stuxnet-fast16-malware-tampered.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-18 02:46:00<\/a><\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p><span class=\"p-author\">\ue804<span class=\"author\">Ravie Lakshmanan<\/span>\ue802<span class=\"author\">May 18, 2026<\/span><\/span><span class=\"p-tags\">Industrial Sabotage \/ Malware<\/span><\/p>\n<p>A new analysis of the Lua-based <strong>fast16<\/strong> malware has confirmed that it was a cyber sabotage tool designed to tamper with nuclear weapons testing simulations.<\/p>\n<p>According to Broadcom-owned Symantec and Carbon Black teams, the pre-Stuxnet tool was engineered to corrupt uranium-compression simulations that are central to nuclear weapon design.<\/p>\n<p>&#8220;Fast16&#8217;s hook engine is selectively interested in high-explosive simulations inside LS-DYNA and AUTODYN,&#8221; the Threat Hunter Team said. &#8220;The malware checks for the density of the material being simulated and only acts when that value passes 30 g\/cm\u00b3, the threshold uranium can only be reached under the shock compression of an implosion device.<\/p>\n<p>The development comes weeks after SentinelOne presented an analysis of fast16, describing it as the first sabotage framework whose components may have developed as early as 2005, predating the earliest known version of Stuxnet (aka Stuxnet 0.5) by two years.<\/p>\n<p>Evidence unearthed by the cybersecurity company included a reference to the string &#8220;fast16&#8221; in a text file that was leaked by an anonymous hacking group called The Shadow Brokers in 2017. The file was part of a huge tranche of hacking tools and exploits allegedly used by the Equation Group, a state-sponsored threat actor with suspected ties to the U.S. National Security Agency (NSA).<\/p>\n<p>At its core, the industrial sabotage malware features a set of 101 rules to tamper with mathematical calculations carried out by certain engineering and simulation programs that were prevalent at the time. Although the exact binaries that are patched by the malware is unclear, SentinelOne identified three probable candidates: LS-DYNA version 970, Practical Structural Design and Construction Software (PKPM), and Modelo Hidrodin\u00e2mico (MOHID).<\/p>\n<p>Symantec&#8217;s latest analysis has now confirmed that LS-DYNA and AUTODYN are the two applications targeted by fast16, adding it was designed explicitly to&#8230;<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/05\/pre-stuxnet-fast16-malware-tampered.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Pre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons Simulations https:\/\/thehackernews.com\/2026\/05\/pre-stuxnet-fast16-malware-tampered.html Publish Date: 2026-05-18 02:46:00 Source Domain:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":248114,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEis3jEEpg3n_4z5YYUwDaXETZ4KJGxCqjzrZMHUmpgvOCC7pxoSs6Rn9klL5REej9UUJJxIrOstlQDWjbTeAOUhJ7wFSoTvpLkOVx3hb5fKerxA6NkeNMDQ7bt4F-kLwEPXWZPCsVa_wXaonk9mb9CKTF4cVDToquGN57Xzw1VmszeNoEKVEvtcHMSnTCOi\/s1600\/fast16-stuxnet.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,32,34],"class_list":["post-248113","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-malware","tag-threat-actor"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/248113"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=248113"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/248113\/revisions"}],"predecessor-version":[{"id":248115,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/248113\/revisions\/248115"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/248114"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=248113"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=248113"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=248113"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}