{"id":234937,"date":"2026-04-23T18:00:00","date_gmt":"2026-04-23T22:00:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/04\/23\/newly-deciphered-sabotage-malware-may-have-targeted-irans-nuclear-program-and-predates-stuxnet\/"},"modified":"2026-04-23T20:00:09","modified_gmt":"2026-04-24T00:00:09","slug":"newly-deciphered-sabotage-malware-may-have-targeted-irans-nuclear-program-and-predates-stuxnet","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/04\/23\/newly-deciphered-sabotage-malware-may-have-targeted-irans-nuclear-program-and-predates-stuxnet\/","title":{"rendered":"Newly Deciphered Sabotage Malware May Have Targeted Iran\u2019s Nuclear Program\u2014and Predates Stuxnet"},"content":{"rendered":"<p><a href=\"https:\/\/www.wired.com\/story\/fast16-malware-stuxnet-precursor-iran-nuclear-attack\/\">Newly Deciphered Sabotage Malware May Have Targeted Iran\u2019s Nuclear Program\u2014and Predates Stuxnet<\/a><\/p>\n<p><a href=\"https:\/\/www.wired.com\/story\/fast16-malware-stuxnet-precursor-iran-nuclear-attack\/\">https:\/\/www.wired.com\/story\/fast16-malware-stuxnet-precursor-iran-nuclear-attack\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-04-23 18:00:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.wired.com\">www.wired.com<\/a><\/p>\n<p class=\"paywall\">Instead, Kamluk saw that it was a self-spreading piece of code with very different intentions. Using what was referred to within the code as \u201cwormlet\u201d functionality, Fast16 is designed to copy itself to other computers on the network via Windows\u2019 network share feature. It checks for a list of security applications, and if none are present, installs the Fast16.sys kernel driver on the target machine.<\/p>\n<p class=\"paywall\">That kernel driver then reads the code of applications as they&#8217;re loaded into the computer&#8217;s memory, monitoring for a long list of specific patterns\u2014\u201crules\u201d that allow it to identify when a target application is running. When it detects the target software, it carries out its apparent goal: silently altering the calculations the software is running to imperceptibly corrupt its results.<\/p>\n<p class=\"paywall\">\u201cThis actually had a very significant payload inside, and pretty much everybody who looked at it before had missed it,\u201d says Costin Raiu, a researcher at security consultancy TLP:Black who previously led the team that included Kamluk and Guerrero-Saade at Russian security firm Kaspersky, which did early work analyzing Stuxnet and related malware. \u201cThis is designed to be a long-term, very subtle sabotage which probably would be very, very difficult to notice.\u201d<\/p>\n<p class=\"paywall\">Searching for software that met the criteria of Fast16&#8217;s \u201crules\u201d for an intended sabotage target, Kamluk and Guerrero-Saade found their three candidates: the MOHID, PKPM, and LS-DYNA software. As for the \u201cwormlet\u201d feature, they believe that the spreading mechanism was designed so that when a victim double-checks their calculation or simulation results with a different computer in the same lab, that machine, too, will confirm the erroneous result, making the deception all the more difficult to discover or understand.<\/p>\n<p class=\"paywall\">In terms of other cybersabotage operations, only Stuxnet is remotely in the same class as Fast16, Guerrero-Saade argues. The complexity and sophistication of the malware, too, place it in&#8230;<\/p>\n<p><a href=\"https:\/\/www.wired.com\/story\/fast16-malware-stuxnet-precursor-iran-nuclear-attack\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Newly Deciphered Sabotage Malware May Have Targeted Iran\u2019s Nuclear Program\u2014and Predates Stuxnet https:\/\/www.wired.com\/story\/fast16-malware-stuxnet-precursor-iran-nuclear-attack\/ Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":234938,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/media.wired.com\/photos\/69ea6ad5ba58a984aa33cf3d\/191:100\/w_1280,c_limit\/Security_MalwareMayHaveTargetedIran'sNuclearProgram_03.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[32],"class_list":["post-234937","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-malware"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/234937"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=234937"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/234937\/revisions"}],"predecessor-version":[{"id":234939,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/234937\/revisions\/234939"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/234938"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=234937"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=234937"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=234937"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}