
Newly Deciphered Sabotage Malware May Have Targeted Iran’s Nuclear Program—And Predates Stuxnet

Researchers have finally cracked Fast16, mysterious code capable of silently tampering with calculation and simulation software. It was created in 2005 and likely deployed by the US or an ally.

Released on 04/29/2026

Transcript

A mysterious piece of sabotage-focused malware

known as Fast16 has after many years

finally been deciphered.

It's a piece of code designed to silently tamper with

and corrupt calculations and research

and engineering software.

This malware seems to have been created by the US

or an ally,

and it may have been used against Iran's nuclear program.

It also rewrites the entire history

of state-sponsored cyber sabotage operations as we know it.

Let's start at the beginning.

Fast16 first came to light in April 2017,

when the hacker group known as Shadow Brokers

leaked a vast collection of NSA tools.

One of those tools appeared designed to help NSA operators

who were hacking into networks around the world

avoid conflicts with other hacking operations.

That program merely notes for Fast16,

"Nothing to see here, carry on,"

strongly suggesting Fast16 was created by the US

or an allied country.

It wasn't until 2019 that cybersecurity researcher

Juan Andres Guerrero-Saade found the actual code for Fast16,

which dates back to 2005.

That means it was created even before the legendary Stuxnet,

malware that the US

and Israel deployed against Iran in 2007

to silently accelerate nuclear enrichment centrifuges

until they destroyed themselves.

It still took another seven years to figure out

what Fast16 actually did.

Now, Guerrero-Saade

and his colleague, Vitaly Kamluk,

at cybersecurity firm SentinelOne say they've cracked it.

Fast16 was designed to carry out the most subtle form

of sabotage ever seen in a malware tool found in the wild.

This malware can, according to researchers,

automatically spread within a network

and silently alter the results of programs

that perform high-precision mathematical calculations

and simulate physical phenomena

while remaining almost undetectable.

Through these invisible manipulations,

Fast16 can cause failures

that range from faulty research results

to catastrophic damage to real world equipment.

The researchers' analysis of the tool

has produced an unconfirmed, but still tantalizing theory

that it was used, like Stuxnet,

against Iran's nuclear weapons program.

That's because one of the types

of software Fast16 appears designed

to target is the modeling program LS-DYNA,

which Iranian scientists have used

for research into subjects like the behavior

of different explosives,

work that may have contributed

to Iran's nuclear weapons research.

The fact that Fast16 remained undetected for so long

suggests it was only ever used against

a small number of targets to maintain secrecy,

but it nonetheless raises a paranoia-inducing concern:

anyone working on complex research

or engineering projects that a powerful government

might want to sabotage by hacking

now has to ask themselves

whether they can really trust their computer's results

or whether they could ever trust them

for the last two decades.

For more on Fast16, read our story at wire.com.