SentinelOne researchers have finally decoded Fast16, a piece of sabotage malware created in 2005 that silently corrupted engineering calculations and likely targeted Iran's nuclear program, predating Stuxnet by five years.
History just got an extra chapter. For years, the story of state-sponsored cyberwarfare began with Stuxnet, the malware the US and Israel deployed starting around 2007 to physically destroy Iran's uranium enrichment centrifuges by pushing them past their operational limits. That origin story is now incomplete. Researchers Juan Andres Guerrero-Saade and Vitaly Kamluk at SentinelOne have cracked Fast16, a specimen of malware that dates to 2005, spreads through networks, and was engineered to do something subtler and, in some ways, more insidious than Stuxnet ever attempted.
Fast16 does not destroy machines. It corrupts math. The malware deploys a driver called fast16.sys that patches code in memory to tamper with the output of floating-point calculations inside specific engineering simulation suites. Its potential targets include LS-DYNA 970, PKPM, and the MOHID hydrodynamic modeling platform, software used for structural analysis, crash testing, and environmental modeling. LS-DYNA has been cited in public reporting on Iran's suspected Section T violations under the Joint Comprehensive Plan of Action, in connection with computer modeling relevant to nuclear weapons development.
The trail to Fast16 is itself a remarkable piece of detective work. The code first surfaced as a name, nothing more, in the ShadowBrokers leak of 2016, a trove of NSA tools whose release shook the intelligence community. The reference was terse to the point of being conspicuous: the NSA's own internal guide told agency analysts who encountered Fast16 that there was Fast16 that there was \"nothing to see here, carry on.\" That phrasing, as Wired has reported, is the kind of dismissal that only reinforces suspicion. Guerrero-Saade tracked down an actual code sample on VirusTotal in 2019, but it took seven more years before he and Kamluk could fully decode what it did and why.
The technical constraints in the code place its creation firmly around 2005. Fast16 will not run on anything more recent than Windows XP, and then only on a single-core CPU. Intel shipped its first multi-core consumer processors in 2006, meaning the malware was built for a hardware landscape that disappeared shortly after it was deployed. That narrow compatibility window suggests whoever wrote it was targeting a specific environment, one that matched the computing infrastructure of Iran's nuclear research facilities in the mid-2000s.
The Implications Go Beyond Iran
SentinelOne presented its findings at Black Hat Asia, and the audience reaction tracked the weight of the discovery. The research does not just add a new entry to the annals of state-sponsored hacking. It raises a more unsettling question: if a piece of sabotage malware can sit undetected for 21 years and silently falsify the results of precision engineering software, how confident can anyone be in the integrity of life-critical calculations running on networked machines today? Fast16 was designed for a specific target in a specific era, but the technique, patching floating-point operations in memory without touching the underlying files, is not era-specific.
For cybersecurity teams protecting infrastructure that depends on simulation software, whether in aerospace, energy, civil engineering, or defense, the Fast16 disclosure is a prompt to ask questions that most organizations have never considered. Integrity verification for computational outputs is not a standard part of most security frameworks. It probably should be. The Stuxnet era taught the world that malware could cause physical destruction. Fast16 suggests the more dangerous capability arrived even earlier: software that makes engineers trust results they should not.
Also read: Tech giants unite behind Anthropic's Project Glasswing to secure AI-era software • Stanford's 2026 AI Index reveals China is matching US model performance on a fraction of the budget • Intel's surprise earnings surge signals that CPUs are becoming the quiet backbone of enterprise AI
