Newly Deciphered Sabotage Malware May Have Targeted Iran’s Nuclear Program—and Predates Stuxnet
ID: 2ed05178-b9eb-583e-9212-850e7121cb69
STIX ID: report--2ed05178-b9eb-583e-9212-850e7121cb69
Feed Name: WIRED Security
Researchers analyzed a highly sophisticated piece of malware named Fast16 that uses a "wormlet" to spread across Windows network shares and installs a kernel-mode driver (Fast16.sys), which inspects application memory for specific patterns. When it detects targeted engineering and simulation software (MOHID, PKPM, LS-DYNA), it silently alters calculation results to produce subtle, hard-to-detect sabotage. Analysts compare its complexity and intent to Stuxnet and hypothesize a state-sponsored campaign, possibly directed against Iran's nuclear program.
