Enlarge (credit: Getty Images)

Researchers have unearthed never-before-seen wiper malware tied to the Kremlin and an operation two years ago that took out more than 10,000 satellite modems located mainly in Ukraine on the eve of Russia’s invasion of its neighboring country.

AcidPour, as researchers from security firm Sentinel One have named the new malware, has stark similarities to AcidRain, a wiper discovered in March 2022 that Viasat has confirmed was used in the attack on its modems earlier that month. Wipers are malicious applications designed to destroy stored data or render devices inoperable. Viasat said AcidRain was installed on more than 10,000 Eutelsat KA-SAT modems used by the broadband provider seven days prior to the March 2022 discovery of the wiper. AcidRain was installed on the devices after attackers gained access to the company’s private network.

Sentinel One, which also discovered AcidRain, said at the time that the earlier wiper had enough technical overlaps with malware the US government attributed to the Russian government in 2018 to make it likely that AcidRain and the 2018 malware, known as VPNFilter, were closely linked to the same team of developers. In turn, Sentinel One’s report Thursday noting the similarities between AcidRain and AcidPour provides evidence that AcidPour was also created by developers working on behalf of the Kremlin.

Enlarge / A Starlink terminal used by the Ukraine army for drone operations in May 2023. (credit: Getty Images | Pacific Press )

Democratic lawmakers are probing SpaceX over Russia's reported use of Starlink in Ukraine, saying that recent developments raise questions about SpaceX's "compliance with US sanctions and export controls."

SpaceX CEO Elon Musk last month denied what he called "false news reports [that] claim that SpaceX is selling Starlink terminals to Russia," saying that, "to the best of our knowledge, no Starlinks have been sold directly or indirectly to Russia." But Musk's statement didn't satisfy US Reps. Jamie Raskin (D-Md.) and Robert Garcia (D-Calif.), who sent a letter to SpaceX President Gwynne Shotwell yesterday.

"Starlink is an invaluable resource for Ukrainians in their fight against Russia's brutal and illegitimate invasion. It is alarming that Russia may be obtaining and using your technology to coordinate attacks against Ukrainian troops in illegally occupied regions in Eastern and Southern Ukraine, potentially in violation of US sanctions and export controls," Raskin and Garcia wrote.

Enlarge (credit: Getty Images)

A core developer of Nginx, currently the world's most popular web server, has quit the project, stating that he no longer sees it as "a free and open source project… for the public good." His fork, freenginx, is "going to be run by developers, and not corporate entities," writes Maxim Dounin, and will be "free from arbitrary corporate actions."

Dounin is one of the earliest and still most active coders on the open source Nginx project and one of the first employees of Nginx, Inc., a company created in 2011 to commercially support the steadily growing web server. Nginx is now used on roughly one-third of the world's web servers, ahead of Apache.

A tricky history of creation and ownership

Nginx Inc. was acquired by Seattle-based networking firm F5 in 2019. Later that year, two of Nginx's leaders, Maxim Konovalov and Igor Sysoev, were detained and interrogated in their homes by armed Russian state agents. Sysoev's former employer, Internet firm Rambler, claimed that it owned the rights to Nginx's source code, as it was developed during Sysoev's tenure at Rambler (where Dounin also worked). While the criminal charges and rights do not appear to have materialized, the implications of a Russian company's intrusion into a popular open source piece of the web's infrastructure caused some alarm.

Enlarge / Ukraine’s GUR military intelligence unit made its claim following multiple reports in recent days that Russian forces are using Starlink’s distinctive square-shaped terminals. (credit: Pierre Crom/Getty Images)

Russian forces are using Starlink terminals on the front line in Ukraine, according to the Ukrainian military, which said the adoption of Elon Musk’s satellite Internet service by Moscow’s troops was becoming “systemic.”

Ukraine’s GUR military intelligence unit said on Telegram on Sunday that radio intercepts confirmed the use of Starlink terminals by Russian units operating in the occupied Donetsk region of eastern Ukraine.

“Yes, there have been recorded cases of the Russian occupiers using these devices,” Andriy Yusov, a GUR officer, told RBC-Ukraine. “This is starting to take on a systemic nature.”

Enlarge / A service center for "Kyivstar", a Ukrainian telecommunications company, that provides communication services and data transmission based on a broad range of fixed and mobile technologies. (credit: Getty Images)

Ukrainian civilians on Wednesday grappled for a second day of widespread cellular phone and Internet outages after a cyberattack, purportedly carried out by Kremlin-supported hackers, hit the country’s biggest mobile phone and Internet provider a day earlier.

Two separate hacking groups with ties to the Russian government took responsibility for Tuesday’s attack striking Kyivstar, which has said it serves 24.3 million mobile subscribers and more than 1.1 million home Internet users. One group, calling itself Killnet, said on Telegram that “an attack was carried out on Ukrainian mobile operators, as well as on some banks,” but didn’t elaborate or provide any evidence. A separate group known as Solntsepek said on the same site that it took “full responsibility for the cyberattack on Kyivstar” and had “destroyed 10,000 computers, more than 4,000 servers, and all cloud storage and backup systems.” The post was accompanied by screenshots purporting to show someone with control over the Kyivstar systems.

In the city of Lviv, street lights remained on after sunrise and had to be disconnected manually, because Internet-dependent automated power switches didn’t work, according to NBC News. Additionally, the outage prevented shops throughout the country from processing credit payments and many ATMs from functioning, the Kyiv Post said.

Enlarge / This Tesla was judged too damaged to repair and sent to a junkyard. (credit: Courtesy of Max)

This summer, a Vancouver car mechanic named Max got a perplexing ping on his phone: Betty White was in Ukraine and needed his help. This was surprising because she had died on a Canadian highway back in January.

When Max last saw Betty White, his nickname for his Tesla Model Y Performance, they were both in rough shape after getting sideswiped on the highway. Max’s rotator cuff was torn in several places. The small SUV had bounced off multiple concrete barriers at high speed and was bashed in on all four corners, its wheels ripped to pieces. Coolant appeared to be leaking into the battery chamber. From his own work on EVs in the garage, Max knew that Betty was done for. “No auto shop would put a repair person at risk with that kind of damage,” says Max, whose last name isn’t being used out of doxing concerns. A damaged EV battery can become dangerous due to the risk of shocks, fire, and toxic fumes. His insurer agreed, and Betty was written off and sent to a salvage yard.