CISOOnline

Researchers unearth industrial sabotage malware that predated Stuxnet by 5 years

The third potential target that matched the rules, Modelo Hidrodinâmico (MOHID), is an open-source water modeling system developed at the Instituto Superior Técnico in Lisbon, Portugal. The software covers hydrodynamics, water quality simulation, sediment transport, oil spill modeling, and Lagrangian particle tracking.

Implications

The SentinelOne researchers could not definitively say which workflows from these three possible programs were specifically targeted by the malware, but the implication is clear: Strategic industrial sabotage using malware was being performed by nation-state actors as far back as 20 years ago, before Stuxnet was used to damage uranium enrichment centrifuges at Iran’s nuclear plant in Natanz by injecting malicious code into programmable logic controllers.

“If I had to guess, I think the target was the simulation of specific material physics, and the implant was intended to mess with their characteristic curves (e.g. stress-strain),” independent researcher Ruben Santamarta, who also analyzed the fast16 FPU patching code, posted on LinkedIn. “For example, this would make engineers think something is more resistant than expected, when in reality, it would fail earlier than expected … as in Stuxnet.”


