'fast16' malware was used to make people believe that Iran's nuclear weapons tests had failed, in order to disrupt the tests.

The design intent behind 'fast16', malware intended to disrupt nuclear weapons test simulations, has been revealed. It appears the malware was designed to manipulate simulation data, making it appear as if the simulations had failed when they were actually successful.
fast16 | Mystery Shadow Brokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet | SentinelOne
Experts Confirm the Fast16 Malware Was Sabotaging Nuclear Weapons Tests, Likely in Iran
https://www.zetter-zeroday.com/experts-confirm-the-fast16-malware-was-sabotaging-nuclear-weapons-tests-likely-in-iran/
Fast16: Pre-Stuxnet Sabotage Tool Was Built to Subvert Nuclear Weapons Simulations | SECURITY.COM
https://www.security.com/threat-intelligence/fast16-nuclear-sabotage
fast16 is malware believed to have targeted nuclear testing software, and it cleverly manipulated legitimate data. Specifically, it would wait until the simulation approached the 'supercritical' point where a chain reaction leading to a nuclear explosion would begin, then falsify data on the pressure inside the uranium reactor core, telling engineers that 'the pressure was insufficient to reach supercritical,' contrary to the actual data.
Documents related to this malware revealed that the period in which the malware was actually used overlapped with Iran's nuclear weapons development program, leading researchers to conclude that fast16 'was likely malware designed to disrupt Iran.'
According to security researchers, even if the malware lowers the correct value by a mere 1-5%, engineers may mistakenly believe that 'not enough force was applied to achieve a supercritical state.' In 2026 the possibility of computer malfunction or hijacking is taken into account, but fast16 was used around 2005, when computers were generally considered trustworthy, so these possibilities were likely not considered.

This malware had been publicly available on the internet for a long time, but apparently it never caught the attention of researchers.
fast16 was first spotted on the internet in 2017. It was mentioned in connection with the theft of a large number of tools from the US National Security Agency (NSA) by a mysterious group known as Shadow Brokers, and it was suggested that it was 'created by the NSA or an allied country.' That same year, someone uploaded a sample of the code to a site called VirusTotal, but it remained unnoticed for the next two years. VirusTotal is a site where security companies and victims of cyberattacks upload suspicious files, which are then scanned by multiple antivirus engines to determine whether they are malicious.
In 2019, researchers at the security firm SentinelOne 'discovered' fast16, and for many years afterward, they attempted to decrypt it but failed. It wasn't until 2026, when they used AI to analyze it, that its design intent became clear.
The researchers speculated that 'although it was unclear which simulation software fast16 was targeting or what kind of experiments it was trying to disrupt, it most likely was trying to disrupt software used for nuclear weapons explosion simulations.'

Incidentally, a similar piece of malware called 'Stuxnet' was discovered around 2010. Stuxnet increased the pressure inside the centrifuges, causing them to rotate uncontrollably, while simultaneously sending false data to the operators, making them believe that the centrifuges were functioning normally.
The researchers stated, 'Stuxnet is the most sophisticated malware we've ever seen, but fast16 is in a league of its own. The level of expertise required to create it and the human effort needed to execute it are enormous, and the fact that it was developed in 2005 is astonishing.'
in Security, Posted by log1p_kr







