Particle.news

SentinelOne Unveils 'Fast16,' A 2005 Windows Sabotage Toolkit That Predates Stuxnet

The finding suggests state-backed malware built to corrupt engineering calculations was operational years earlier.

Overview

  • SentinelOne published a technical report and conference presentation detailing 'fast16,' a previously unknown sabotage framework assessed to date to about 2005.
  • The carrier program embeds a Lua 5.0 engine and loads a kernel driver that intercepts file reads to patch executables and nudge floating‑point math off course in precision software.
  • Researchers matched the driver’s patch rules to likely targets that include LS-DYNA 970, PKPM, and the MOHID modeling platform, with operation limited to Windows 2000 and XP systems.
  • The toolkit could move between machines using weak or default file‑share passwords, and it avoided spreading when it detected popular security tools in the Windows Registry.
  • A 'fast16' mention in Shadow Brokers files tied to the Equation Group offers an indirect U.S. link that is not confirmed, and the disclosure is prompting vendors and users to review past simulation outputs for hidden errors.