Researchers uncover industrial sabotage malware predating Stuxnet

Researchers have unearthed a malware framework that corrupted high-precision floating-point arithmetic operations in engineering modeling software and is said to predate Stuxnet, a malicious computer worm first uncovered on June 17, 2010. Though Stuxnet is believed to have been in development since at least 2005, the newly found framework, dubbed Fast16, is now considered the earliest known state-linked cyber-sabotage framework.
Designed to cripple Iran’s nuclear enrichment programme, the 2010 Stuxnet worm is said to have set a cybersecurity precedent as the first time a nation escalated its activities from strategic espionage to sabotage in cyberspace.
Now, the new discovery by researchers from SentinelOne suggests such operations were in full swing years before Stuxnet came to light. The researchers have tracked down samples of a malware framework that was active in 2005 and targeted engineering modeling software by corrupting high-precision floating-point arithmetic operations.
One component of the framework, a kernel driver called fast16.sys, is briefly mentioned in the 2017 Shadow Brokers leak of documents covering exploits and tools used by US National Security Agency cyber teams.
“This 2005 attack is a harbinger for sabotage operations targeting ultra expensive high-precision computing workloads of national importance like advanced physics, cryptographic, and nuclear research workloads,” the SentinelOne researchers said in their report.
The malware framework uses a variety of techniques that are considered very advanced for malware from that era. A copy was uploaded to the VirusTotal online scanning engine almost a decade ago but remained undetected until researchers went on a hunt for pieces of malware that embed a Lua virtual machine.
The malware uses more than 100 rules to identify the exact workloads it should sabotage. While the researchers don’t know exactly what those workloads were, based on those rules they’ve narrowed down the list of targeted applications to three engineering programs, one of which appears in reports about Iran’s nuclear program and another being widely used in China for construction and structural design.
Chasing Lua-enabled malware

Lua is a programming language that originated in the early 1990s and is very popular in game and embedded systems development. Its primary attraction is that it can be embedded into existing C and C++ applications as a scripting engine.
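The hunt the researchers describe, looking for binaries that statically embed a Lua interpreter, can be approximated with a simple triage heuristic. The example below is added here and is not code from the SentinelOne report; the marker strings (Lua's version/copyright ident string, its precompiled-chunk header and a handful of C API symbol names) are assumptions about what a linked-in Lua VM usually leaves behind, and the sample blobs are constructed.

```python
import re
from typing import Dict, List

# Artefacts a statically linked Lua 5.x interpreter commonly leaves in a binary.
# These are triage assumptions, not indicators taken from the Fast16 report.
LUA_BYTECODE_MAGIC = b"\x1bLua"  # header of a precompiled Lua chunk
LUA_IDENT_RE = re.compile(
    rb"\$Lua(?:Version)?: Lua 5\.\d(?:\.\d)? Copyright \(C\) \d{4}-\d{4} "
    rb"(?:Tecgraf|Lua\.org), PUC-Rio \$"
)
LUA_API_NAMES = [b"luaL_newstate", b"lua_pcall", b"luaL_loadbuffer",
                 b"lua_pushcclosure", b"luaL_openlibs", b"lua_gettable"]


def scan_for_lua_vm(blob: bytes) -> Dict[str, object]:
    """Return the Lua VM markers found in blob and a verdict on whether
    the file most likely embeds a Lua interpreter."""
    hits: List[str] = []
    if LUA_BYTECODE_MAGIC in blob:
        hits.append("bytecode_magic")
    ident = LUA_IDENT_RE.search(blob)
    if ident:
        hits.append("ident:" + ident.group(0).decode("ascii", "replace"))
    api_hits = [name.decode() for name in LUA_API_NAMES if name in blob]
    hits.extend("api:" + name for name in api_hits)
    # A chunk header or the ident string is strong on its own; bare API
    # names are weaker, so require at least two of them before flagging.
    likely = ("bytecode_magic" in hits or ident is not None
              or len(api_hits) >= 2)
    return {"likely_embedded_lua": likely, "hits": hits}


# Constructed samples standing in for raw file contents.
SAMPLE_WITH_LUA = (
    b"MZ\x90\x00" + b"\x00" * 32
    + b"$Lua: Lua 5.1.4 Copyright (C) 1994-2008 Lua.org, PUC-Rio $\x00"
    + b"luaL_newstate\x00lua_pcall\x00luaL_loadbuffer\x00"
    + b"\x1bLua\x51\x00\x01\x04\x04\x04\x08\x00"  # 5.1 chunk header
)
SAMPLE_BENIGN = b"MZ\x90\x00" + b"\x00" * 32 + b"GetProcAddress\x00lua_pcall\x00"

if __name__ == "__main__":
    for label, blob in (("with_lua", SAMPLE_WITH_LUA), ("benign", SAMPLE_BENIGN)):
        print(label, scan_for_lua_vm(blob))
```

On a real corpus the same function would be run over each file's bytes; a VirusTotal-style retrohunt with the equivalent YARA strings is the production form of this check.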