Fast16 Malware Predating Stuxnet May Have Targeted Iran Nuclear Program

Original: Newly Deciphered Sabotage Malware May Have Targeted Iran’s Nuclear Program—and Predates Stuxnet

Why This Matters

Reveals early evolution of sophisticated state-sponsored cybersabotage techniques

SentinelOne researchers decoded Fast16, malware from 2005 that was potentially created by the US or its allies and designed to silently manipulate engineering calculation software. The malware could alter simulation results in applications like LS-DYNA, which was used in Iranian nuclear research, and it predates Stuxnet by two years.

Cybersecurity researchers Vitaly Kamluk and Juan Andrés Guerrero-Saade from SentinelOne successfully reverse-engineered the Fast16 malware, whose existence was revealed in 2017 NSA leaks but which remained mysterious until now. Created in 2005, the malware represents sophisticated sabotage capabilities that predate the famous Stuxnet attack by two years. Fast16 spreads across networks and manipulates high-precision mathematical calculations in simulation software, causing subtle failures that could lead to equipment damage or faulty research conclusions. The researchers identified three potential target applications: the Portuguese MOHID water modeling software, the Chinese PKPM construction engineering software, and notably the LS-DYNA physical simulation software originally developed by Lawrence Livermore National Laboratory scientists. Evidence suggests LS-DYNA was used by Iranian scientists in nuclear weapons research, making it a likely target for the US-created malware.

Source

wired.com