
Newly Deciphered Sabotage Malware May Have Targeted Iran’s Nuclear Program—And Predates Stuxnet
Why It Matters
Fast16 demonstrates that sophisticated, undetectable cyber sabotage has been part of nation‑state arsenals long before Stuxnet, raising concerns for any industry reliant on scientific simulations. Its existence forces governments and corporations to reassess the integrity of critical engineering and research software.
Key Takeaways
- Fast16 malware dates to 2005, predates Stuxnet
- Targets high‑precision simulation software like LS‑DYNA
- Likely used to sabotage Iran’s nuclear research
- Shows state‑sponsored cyber sabotage existed earlier than thought
Pulse Analysis
The discovery of Fast16 reshapes our understanding of the cyber‑sabotage playbook. While Stuxnet has long been the poster child for covert digital attacks on physical infrastructure, Fast16 reveals that a subtler, calculation‑tampering approach was already in use a decade earlier. By infiltrating engineering and scientific applications, the code could cause equipment wear, erroneous research outcomes, or outright system failures without raising alarms, highlighting a previously hidden threat vector that predates the public awareness of state‑level cyber warfare.
Technically, Fast16 operates as a self‑propagating wormlet that drops a kernel driver, Fast16.sys, onto vulnerable machines. The driver monitors loaded applications for specific patterns and, when it identifies a target such as LS‑DYNA, MOHID, or PKPM, it subtly alters numerical results. This method of “calculation poisoning” is especially dangerous because it can produce consistent yet incorrect data across multiple systems, making detection through conventional integrity checks extremely difficult. The malware’s version‑control hints suggest iterative development, implying a long‑term campaign rather than a one‑off strike.
Geopolitically, the evidence linking Fast16 to Iran’s AMAD nuclear project suggests that the United States and its allies were experimenting with covert sabotage well before the publicly acknowledged Olympic Games operation. If Fast16 or similar tools were deployed against other high‑value targets, the implications span from nuclear proliferation to critical infrastructure worldwide. The revelation underscores the urgent need for robust software provenance, hardened simulation environments, and continuous threat‑intel sharing to defend against invisible manipulation of the calculations that underpin modern engineering and scientific breakthroughs.