How Fast16 Sabotaged Iran’s Nuclear Program: Inside the 17‑Year Mystery Unveiled
The article traces the nine‑year journey from the Shadow Brokers leak to the 2026 AI‑assisted reverse‑engineering of Fast16, revealing its three‑layer sabotage architecture, uranium‑density manipulation, targeted industrial simulation software, and its relationship to Stuxnet, while highlighting security lessons for critical infrastructure.
1. Discovery Path: Shadow Brokers’ "nothing to see here"
The story begins in 2017 when the Shadow Brokers released a cache of alleged NSA tools, including a file drv_list.txt that listed the string "fast16" with the comment "Nothing to see here – carry on". In 2019 SentinelOne researcher Juan Andrés Guerrero‑Saade flagged the sample, and on April 23 2026 SentinelOne published a full reverse‑engineering report. On May 16 2026 Symantec and nuclear‑non‑proliferation expert David Albright confirmed the payload targeted Iran’s Amad nuclear project. The gap from leak to complete analysis spanned nine years.
2. Core Components: A Three‑Layer Sabotage Machine
Fast16 is not a simple virus; it consists of three tightly integrated layers:
Layer 1 – svcmgmt.exe (service wrapper): Embeds a Lua 5.0 VM that configures, propagates, and coordinates the other modules, acting as the malware’s brain.
Layer 2 – fast16.sys (kernel driver): Inserts itself into the disk device stack, intercepting all I/O requests. It functions as a low‑level "data‑tampering switch" that reviews every file read/write before it reaches the storage device.
Layer 3 – auxiliary DLLs: Decrypt the encrypted payload and inject patch code, completing the sabotage operation.
The binary was compiled on 30 August 2005, placing its development alongside Stuxnet within the so‑called "Olympic Games" operation allegedly conducted by the United States, Israel, or allied forces.
3. Attack Mechanism: Parameter‑Level Data Deception
Fast16 monitors a critical parameter in nuclear‑physics simulation software – the uranium core density. When the simulated density reaches 30 g/cm³ (the critical threshold for liquid uranium), the malware replaces the genuine calculation result with fabricated data indicating insufficient pressure, causing the simulation to report a "failure" despite a successful test.
This approach differs from traditional sabotage that damages hardware; instead, Fast16 corrupts the data presented to engineers, leading them to waste time and resources adjusting parameters that are already optimal.
4. Target Software: Four Precise Industrial Simulators
LS‑DYNA 970 – Lawrence Livermore’s explicit dynamics code for impact, explosion, and metal forming.
AUTODYN – ANSYS’s nonlinear dynamics tool for shock‑wave and high‑strain‑rate material modeling.
PKPM – China’s dominant structural engineering software used by domestic design institutes.
MOHID – Portugal’s hydrodynamic modeling platform for water flow, sediment, and pollutant transport.
All four are high‑precision physics simulators deployed in air‑gapped environments by national research institutions, making them attractive high‑value targets. The inclusion of PKPM suggests a potential foothold in China’s critical infrastructure design ecosystem.
5. Relationship to Stuxnet: Complementary Siblings
Both Fast16 and Stuxnet belong to the same operational framework but differ in their sabotage strategy:
Stuxnet physically accelerates centrifuge speeds while displaying normal data, causing machines to self‑destruct.
Fast16 leaves the physical test successful but feeds false failure data, misleading engineers about the correctness of their work.
Both share the core concept of subverting data integrity in physically isolated networks – Stuxnet manipulates the physical layer, Fast16 manipulates the data layer.
6. AI‑Assisted Analysis: Solving a 17‑Year Mystery in Minutes
Researchers Vitaly Kamluk and Juan Andrés Guerrero‑Saade fed Fast16’s code to a large language model, which identified the routine that intercepts floating‑point unit operations and explained 101 patch rules targeting specific simulation workflows. This case demonstrates how AI can amplify human reverse‑engineering capabilities, though it also warns that adversaries could use AI to craft more sophisticated malware.
7. Domestic Implications: Lessons for China
The analysis highlights three key warnings:
PKPM’s presence on the target list confirms that China’s critical infrastructure software has already been considered a high‑value attack vector.
Physical air‑gap isolation does not guarantee security; infection can occur via USB ferrying, supply‑chain contamination, or insider social engineering.
High‑precision engineering simulators are prime targets for systematic error‑injection attacks, posing risks far greater than a single centrifuge failure.
Recommended defenses include:
Implement full integrity verification (hash checks) for critical simulation binaries before each run.
Cross‑validate results across multiple independent simulators rather than trusting a single output.
Enforce strict supply‑chain security for imported industrial software.
Use AI as an assistance tool, but retain human oversight for code analysis and behavior monitoring.
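The first two defenses above (binary integrity checks before each run, and cross‑validation of results across independent simulators) address the parameter‑level deception described in section 3, where one tool's genuine result is swapped for a fabricated "failure". The following is an added illustration, not code from the article or from any of the named products; the binary name solver.exe, the manifest, and the result values are constructed for the demo.

```python
import hashlib
import statistics
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large simulator binaries fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_binaries(manifest: dict[str, str], root: Path) -> list[str]:
    """Names of binaries that are missing or whose SHA-256 differs from the
    known-good manifest. An empty list is the only 'go' signal for a run."""
    return sorted(
        name for name, expected in manifest.items()
        if not (root / name).is_file() or sha256_file(root / name) != expected.lower()
    )


def cross_validate(results: dict[str, float], rel_tol: float = 0.05) -> list[str]:
    """Tools whose value for one quantity deviates from the median of all tools
    by more than rel_tol. A lone dissenting 'failure' among agreeing independent
    codes is the symptom a Fast16-style patch produces."""
    if len(results) < 3:
        raise ValueError("need at least three independent results")
    med = statistics.median(results.values())
    return sorted(t for t, v in results.items() if abs(v - med) > rel_tol * abs(med))


def demo() -> tuple[list[str], list[str], list[str]]:
    """Constructed scenario: a pristine binary passes, a one-byte patched copy
    fails, and a single dissenting simulator result is flagged."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        exe = root / "solver.exe"  # hypothetical simulator binary, not a real product
        exe.write_bytes(b"\x4d\x5a" + b"\x00" * 4096)
        manifest = {"solver.exe": sha256_file(exe)}  # known-good hash recorded once
        clean = verify_binaries(manifest, root)  # nothing flagged
        exe.write_bytes(exe.read_bytes()[:-1] + b"\x01")  # simulate an in-place patch
        tampered = verify_binaries(manifest, root)  # solver.exe flagged
    # Constructed peak-pressure outputs (arbitrary units) from three codes;
    # tool_c alone reports "insufficient pressure" while the others agree.
    outliers = cross_validate({"tool_a": 31.2, "tool_b": 30.9, "tool_c": 12.4})
    return clean, tampered, outliers
```

Calling demo() returns the three lists; in practice the manifest would be generated on a trusted host and the run refused whenever verify_binaries returns anything.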
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact and we will review it promptly.
Black & White Path
