Discovery of Fast16 Malware: Pre-Stuxnet Sabotage Tool Targeting Iran's Nuclear Program

Severity: High (Score: 74.9)

Sources: Infosecurity-Magazine, Securityaffairs.Co, Cybersecuritynews, Thehackernews

Summary

Researchers have uncovered Fast16, a malware designed to disrupt Iran's nuclear program as early as 2005, predating the well-known Stuxnet worm. This malware, identified by SentinelOne, features an embedded Lua VM and targets high-precision engineering software, specifically LS-DYNA 970, PKPM, and MOHID. Fast16's operational design allows it to introduce systematic errors into critical calculations, potentially undermining scientific research and engineering projects. Unlike typical malware, Fast16 focuses on specific high-value targets rather than broad infections. The malware was also linked to U.S. operations during early cyber tensions, highlighting its geopolitical significance. Fast16 is notable for its environmental awareness, only activating in the absence of certain security software. The discovery emphasizes the long-term strategies employed by state actors in cyber warfare.

Key Points

  • Fast16 malware was designed to sabotage Iran's nuclear program as early as 2005.
  • The malware targets high-precision engineering software, causing systematic errors in calculations.
  • It is linked to U.S. cyber operations, marking it as a significant geopolitical threat.

Key Entities

  • Malware (attack_type)
  • Worm (attack_type)
  • Stuxnet Campaign (campaign)
  • Iran (country)
  • CWE-287 - Improper Authentication (cwe)
  • Fast16 (malware)
  • Flame (malware)
  • Project Sauron (malware)
  • Stuxnet (malware)
  • T1059 - Command and Scripting Interpreter (mitre_attack)
  • T1547.001 - Registry Run Keys / Startup Folder (mitre_attack)
  • Windows (platform)