Stuxnet was a turning point in the history of cybersecurity. Discovered in 2010, it is considered the first cyberweapon specifically designed to cause physical damage to industrial infrastructure, and its objective is generally held to have been the sabotage of the Iranian nuclear program.
The malware was built to attack Siemens control systems used in uranium enrichment centrifuges in Iran. Its operation went beyond espionage or information theft. It altered the behavior of the machines while showing operators false data that looked like normal activity, which allowed the deterioration to advance without the engineers detecting it in time.
A silent sabotage in isolated facilities
The threat spread through USB drives, a key detail because its operating environment was isolated facilities without an Internet connection. To get in, Stuxnet exploited several previously unknown vulnerabilities, known in the field as zero-days, which put its sophistication far above the usual malware of its time.
Estimates suggest that it destroyed a significant part of the centrifuges at the Natanz plant and that it delayed the Iranian nuclear program by several years. Although there was never an official confirmation, numerous experts have attributed its development to the United States.
The discovery of a possible precursor
Now, researchers from the security firm SentinelOne have identified an earlier piece of malware with a similar modus operandi, created around 2005 and known internally as Fast16. It was not aimed at destroying systems directly, but at introducing progressive, hard-to-detect errors in high-precision engineering and science environments.
Fast16 looked like a normal Windows program. Once active, it could infiltrate important computer programs and modify them while they were running, altering calculation and simulation results. That design made it especially suitable for manipulating advanced technical software used in scientific simulations intended to study explosions or physical impacts.
Covert manipulation and movement within the network
The malware also included a system that allowed attackers to change its behavior in real time. It was also linked to a component of the same name, Fast16, designed to move within computer networks using legitimate tools of the operating system itself, a tactic that complicated its detection.
The main difference from Stuxnet is that it did not seek immediate physical damage to industrial machinery. Its effect was more subtle. It introduced small cumulative alterations in calculations and simulations, with the capacity to skew results without raising suspicion at first.
The NSA lead
The name Fast16 had already appeared in 2017 in a leak of tools associated with the National Security Agency of the United States. In that material, Fast16 appeared linked to espionage tools considered reliable within intelligence operations.
SentinelOne does not establish a definitive attribution, but its researchers maintain that the time of its creation, its technical complexity, and its subsequent relationship with that leak strongly suggest governmental or military backing from the United States or a close ally. The finding reinforces the idea that offensive operations in cyberspace had been evolving for years before Stuxnet brought that reality to public attention.