The Oreshnik missiles strike their targets at speeds of up to Mach 10, or 2.5 to 3 kilometers per second, Putin said. “The existing air defense systems around the world, including those being developed by the US in Europe, are unable to intercept such missiles.”
A global war?
In perhaps the most chilling part of his remarks, Putin said the conflict in Ukraine is “taking on global dimensions” and said Russia is entitled to use missiles against Western countries supplying weapons for Ukraine to use against Russian targets.
“In the event of escalation, we will respond decisively and in kind,” Putin said. “I advise the ruling elites of those countries planning to use their military forces against Russia to seriously consider this.”
The change in nuclear doctrine authorized by Putin earlier this week also lowers the threshold for Russia’s use of nuclear weapons to counter a conventional attack that threatens Russian “territorial integrity.”
This seems to have already happened. Ukraine launched an offensive into Russia’s Kursk region in August, taking control of more than 1,000 square kilometers of Russian land. Russian forces, assisted by North Korean troops, are staging a counteroffensive to try to retake the territory.
Singh called Russia’s invitation of North Korean troops “escalatory” and said Putin could “choose to end this war today.”
US officials say Russian forces are suffering some 1,200 deaths or injuries per day in the war. In September, The Wall Street Journal reported that US intelligence sources estimated that a million Ukrainians and Russians had been killed or wounded in the war.
The UN Human Rights Office most recently reported that 11,973 civilians have been killed, including 622 children, since the start of the full-scale Russian invasion in February 2022.
“We warned Russia back in 2022 not to do this, and they did it anyways, so there are consequences for that,” Singh said. “But we don’t want to see this escalate into a wider regional conflict. We don’t seek war with Russia.”
Earlier this week, North Korea apparently completed a successful test of its most powerful intercontinental ballistic missile, lofting it nearly 4,800 miles into space before the projectile fell back to Earth.
This solid-fueled, multi-stage missile, named the Hwasong-19, is a new tool in North Korea’s increasingly sophisticated arsenal of weapons. It has enough range—perhaps as much as 9,320 miles (15,000 kilometers), according to Japan’s government—to strike targets anywhere in the United States.
The test flight of the Hwasong-19 on Thursday was North Korea’s first test of a long-range missile in nearly a year, coming as North Korea deploys some 10,000 troops inside Russia just days before the US presidential election. US officials condemned the missile launch as a “provocative and destabilizing” action in violation of UN Security Council resolutions.
The budding partnership between Russia and North Korea has evolved for several years. Russian President Vladimir Putin has met with North Korean leader Kim Jong Un on multiple occasions, most recently in Pyongyang in June. Last September, the North Korean dictator visited Putin at the Vostochny Cosmodrome, Russia’s newest launch base, where the leaders inspected hardware for Russia’s Angara rocket.
The visit to Vostochny fueled speculation that Russia might provide missile and space technology to North Korea in exchange for Kim’s assistance in the fight against Ukraine. This week, South Korea’s defense minister said his government has identified several areas where North Korea likely seeks help from Russia.
“In exchange for their deployment, North Korea is very likely to ask for technology transfers in diverse areas, including the technologies relating to tactical nuclear weapons technologies related to their advancement of ICBMs, also those regarding reconnaissance satellites and those regarding SSBNs [ballistic missile submarines] as well,” said Kim Yong-hyun, South Korea’s top military official, on a visit to Washington.
“Remove some entries due to various compliance requirements. They can come back in the future if sufficient documentation is provided.”
That two-line comment, submitted by major Linux kernel maintainer Greg Kroah-Hartman, accompanied a patch that removed about a dozen names from the kernle’s MAINTAINERS file. “Some entries” notably had either Russian names or .ru email addresses. “Various compliance requirements” was, in this case, sanctions against Russia and Russian companies, stemming from that country’s invasion of Ukraine.
This merge did not go unnoticed. Replies on the kernel mailing list asked about this “very vague” patch. Kernel developer James Bottomley wrote that “we” (seemingly speaking for Linux maintainers) had “actual advice” from Linux Foundation counsel. Employees of companies on the Treasury Department’s Office of Foreign Assets Control list of Specially Designated Nationals and Blocked Persons (OFAC SDN), or connected to them, will have their collaborations “subject to restrictions,” and “cannot be in the MAINTAINERS file.” “Sufficient documentation” would mean evidence that someone does not work for an OFAC SDN entity, Bottomley wrote.
There followed a number of messages questioning the legitimacy, suddenness, potentially US-forced, and non-reviewed nature of the commit, along with broader questions about the separation of open source code from international politics. Linux creator Linus Torvalds entered the thread with, “Ok, lots of Russian trolls out and about.” He wrote: “It’s entirely clear why the change was done” and noted that “Russian troll factories” will not revert it and that “the ‘various compliance requirements’ are not just a US thing.
Wars of necessity spawn weapons innovation as each side tries to counter the other’s tactics and punch through defenses. For instance—as the Russian invasion of Ukraine has made drone warfare real, both sides have developed ways to bring down drones more easily. One recent Ukrainian innovation has been building counter-drone ramming drones that literally knock Russian drones from the sky.
In the case of the trench warfare that currently dominates the Russian invasion of eastern Ukraine, the Ukrainians have another new tactic: dragon’s fire. Delivered by drone.
Videos have begun to circulate on Telegram and X this week from Ukrainian units showing their new weapon. (You can see three of them below.) The videos each show a drone moving deliberately along a trench line as it releases a continuous stream of incendiary material, which often starts fires on the ground below (and ignites nearby ammunition).
The most terrifying development in drone warfare I’ve seen thus far. Makes FPVs with unitary warheads look like a walk in the park.
The POV videos of incendiary rockets cascading burning magnesium and thermite were horrifying, but this is next level. pic.twitter.com/muF2kbHPqJ
This drone type is allegedly called “Dragon” and is said to feature thermite, a mixture of metal powder (usually aluminum) and metal oxide (in this case, said to be iron). When a thermite mixture is ignited, it undergoes a redox reaction that releases an enormous amount of heat energy and can burn anywhere. It can get really, really hot.
The products emerge as liquids due to the high temperatures reached (up to 2,500° C [4,532° F] with iron(III) oxide)—although the actual temperature reached depends on how quickly heat can escape to the surrounding environment. Thermite contains its own supply of oxygen and does not require any external source of air. Consequently, it cannot be smothered, and may ignite in any environment given sufficient initial heat. It burns well while wet, and cannot be easily extinguished with water—though enough water to remove sufficient heat may stop the reaction.
Whether such weapons make any difference on the battlefield remains unclear, but the devices are a reminder of how much industrial and chemical engineering talent in Ukraine is currently being directed into new methods of destruction.
Imagine receiving a traffic ticket in the mail because you were speeding down a Russian road in Kursk with a Ukrainian attack drone on your tail. That’s the reality facing some Russians living near the front lines after Ukraine’s surprise seizure of Russian territory in Kursk Oblast. And they’re complaining about it on Telegram.
Rob Lee, a well-known analyst of the Ukraine/Russia war, comments on X that “traffic cameras are still operating in Kursk, and people are receiving speeding fines when trying to outrun FPVs [first-person-view attack drones]. Some have resorted to covering their license plates but the traffic police force them to remove them.”
Volunteers and military volunteers who arrived in the Kursk region are asking the traffic police not to fine them for speeding when they are escaping from the drones of the Ukrainian Armed Forces.
Several people who are near the combat zone told Mash about this. Cameras are still recording violations in the border area, and when people try to escape from the drones, they receive letters of happiness [tickets]. One of the well-known military activists was charged 9k [rubles, apparently—about US$100] in just one day. He accelerated on a highway that is attacked almost every hour by enemy FPV drones. Some cover their license plates, but the traffic police stop them and demand that they remove the stickers.
Mash claims that the traffic police are sympathetic and that given the drone situation, “speeding can be considered as committed in a state of extreme necessity.” But those who receive a speeding ticket will have to challenge it in court on these grounds.
The attack drones at issue here are widely used even some distance beyond the current front lines. Russian milbloggers, for instance, have claimed for more than a week that Ukrainian drones are attacking supply vehicles on the important E38 highway through Kursk, and they have published photos of burning vehicles along the route. (The E38 is significantly to the north of known Ukrainian positions.)
So Russians are understandably in something of a hurry when on roads like this. But the traffic cameras don’t care—and neither, apparently, do the traffic police, who keep the cameras running.
Estonian X account “WarTranslated” provides English translations of Russian Telegram posts related to the Ukraine war, and the traffic cam issue has come up multiple times. According to one local Russian commentator, “In frontline areas, they continue to collect fines for violating traffic rules… For example, drivers exceed the speed limit in order to get away from the drone, or drive quickly through a dangerous place; the state regularly collects fines for this.”
Another Russian complains, “The fact is that in the Kursk region, surveillance cameras that monitor speeding continue to operate. There are frequent cases when fighters are fined when they run away from enemy FPV drones. Papering over license plates on cars does not help, either. For example, a guy from the People’s Militia of the city of Kurchatov was sent to 15 days of arrest because of a taped-over license plate.”
Researchers have unearthed never-before-seen wiper malware tied to the Kremlin and an operation two years ago that took out more than 10,000 satellite modems located mainly in Ukraine on the eve of Russia’s invasion of its neighboring country.
AcidPour, as researchers from security firm Sentinel One have named the new malware, has stark similarities to AcidRain, a wiper discovered in March 2022 that Viasat has confirmed was used in the attack on its modems earlier that month. Wipers are malicious applications designed to destroy stored data or render devices inoperable. Viasat said AcidRain was installed on more than 10,000 Eutelsat KA-SAT modems used by the broadband provider seven days prior to the March 2022 discovery of the wiper. AcidRain was installed on the devices after attackers gained access to the company’s private network.
Sentinel One, which also discovered AcidRain, said at the time that the earlier wiper had enough technical overlaps with malware the US government attributed to the Russian government in 2018 to make it likely that AcidRain and the 2018 malware, known as VPNFilter, were closely linked to the same team of developers. In turn, Sentinel One’s report Thursday noting the similarities between AcidRain and AcidPour provides evidence that AcidPour was also created by developers working on behalf of the Kremlin.
AcidPour also shares programming similarities with another piece of malware attributed to Sandworm: CaddyWiper, which was used against various targets in Ukraine.
“AcidPour is programmed in C without relying on statically compiled libraries or imports,” Thursday’s report noted. “Most functionality is implemented via direct syscalls, many called through the use of inline assembly and opcodes.” Developers of CaddyWiper used the same approach.
Bolstering the theory that AcidPour was created by the same Russian threat group behind previous attacks on Ukraine, a representative with Ukraine’s State Service of Special Communications and Information Protection told Cyberscoop that AcidPour was linked to UAC-0165, a splinter group associated with Sandworm (a much larger threat group run by Russia’s military intelligence unit, GRU). Representatives with the State Service of Special Communications and Information Protection of Ukraine didn’t immediately answer an email seeking comment for this post.
Sandworm has a long history of targeting Ukrainian critical infrastructure. Ukrainian officials said last September that UAC-0165 regularly props up fake hacktivist personas to take credit for attacks the group carries out.
Sentinel One researchers Juan Andrés Guerrero-Saade and Tom Hegel went on to speculate that AcidPour was used to disrupt multiple Ukrainian telecommunications networks, which have been down since March 13, three days before the researchers discovered the new wiper. They point to statements a persona known as SolntsepekZ made on Telegram that took responsibility for hacks that took out Triangulum, a consortium providing telephone and Internet services under the Triacom brand, and Misto TV.
The weeklong outage has been confirmed anecdotally and by Network intelligence firm Kentik and content delivery network Cloudflare, with the latter indicating the sites remained inoperable at the time this post went live on Ars. As of Thursday afternoon California time, Misto-TV’s website displayed the following network outage notice:
“At this time, we cannot confirm that AcidPour was used to disrupt these ISPs,” Guerrero-Saade and Hegel wrote in Thursday’s post. “The longevity of the disruption suggests a more complex attack than a simple DDoS or nuisance disruption. AcidPour, uploaded 3 days after this disruption started, would fit the bill for the requisite toolkit. If that’s the case, it could serve as another link between this hacktivist persona and specific GRU operations.”
The researchers added:
“The transition from AcidRain to AcidPour, with its expanded capabilities, underscores the strategic intent to inflict significant operational impact. This progression reveals not only a refinement in the technical capabilities of these threat actors but also their calculated approach to select targets that maximize follow-on effects, disrupting critical infrastructure and communications.”
Ukrainian civilians on Wednesday grappled for a second day of widespread cellular phone and Internet outages after a cyberattack, purportedly carried out by Kremlin-supported hackers, hit the country’s biggest mobile phone and Internet provider a day earlier.
Two separate hacking groups with ties to the Russian government took responsibility for Tuesday’s attack striking Kyivstar, which has said it serves 24.3 million mobile subscribers and more than 1.1 million home Internet users. One group, calling itself Killnet, said on Telegram that “an attack was carried out on Ukrainian mobile operators, as well as on some banks,” but didn’t elaborate or provide any evidence. A separate group known as Solntsepek said on the same site that it took “full responsibility for the cyberattack on Kyivstar” and had “destroyed 10,000 computers, more than 4,000 servers, and all cloud storage and backup systems.” The post was accompanied by screenshots purporting to show someone with control over the Kyivstar systems.
In the city of Lviv, street lights remained on after sunrise and had to be disconnected manually, because Internet-dependent automated power switches didn’t work, according to NBC News. Additionally, the outage prevented shops throughout the country from processing credit payments and many ATMs from functioning, the Kyiv Post said.
The outage also disrupted air alert systems that warn residents in multiple cities of incoming missile attacks, a Ukrainian official said on Telegram. The outage forced authorities to rely on backup alarms.
“Cyber specialists of the Security Service of Ukraine and ‘Kyivstar’ specialists, in cooperation with other state bodies, continue to restore the network after yesterday’s hacker attack,” officials with the Security Service of Ukraine said. “According to preliminary calculations, it is planned to restore fixed Internet for households on December 13, as well as start the launch of mobile communication and Internet. The digital infrastructure of ‘Kyivstar’ was critically damaged, so the restoration of all services in compliance with the necessary security protocols takes time.”
Kyivstar suspended mobile and Internet service on Tuesday after experiencing what company CEO Oleksandr Komarov said was an “unprecedented cyberattack” by Russian hackers. The attack represents one of the biggest compromises on a civilian telecommunications provider ever and one of the most disruptive so far in the 21-month Russia-Ukraine war. Kyivstar’s website remained unavailable at the time this post went live on Ars.
According to a report by the New Voice of Ukraine, hackers infiltrated Kyivstar’s infrastructure after first hacking into an internal employee account.
Solntsepek, one of two groups taking responsibility for the attack, has links to “Sandworm,” the name researchers use to track a hacking group that works on behalf of a unit within the Russian military known as the GRU. Sandworm has been tied to some of the most destructive cyberattacks in history, most notably the NotPetya worm, which caused an estimated $10 billion in damage worldwide. Researchers have also attributed Ukrainian power outages in 2015 and 2016 to the group.