Solar Storms Are Speeding Up Starlink Satellite Failures - 1

Image by SpaceX, from Unsplash

Solar Storms Are Speeding Up Starlink Satellite Failures

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

NASA has discovered that solar activity is making Starlink satellites fall to Earth faster, raising concerns about debris and satellite longevity.

In a rush? Here are the quick facts:

  • Solar activity is shortening Starlink satellites’ orbital lifespans.
  • Geomagnetic storms increase atmospheric drag on low-Earth satellites.
  • NASA tracked 523 Starlink satellite re-entries from 2020–2024.

NASA researchers have discovered that SpaceX Starlink satellites experience accelerated descent toward Earth because of the recent increased solar activity, as first reported by New Scientist (NS).

The solar activity cycle, which lasts 11 years, reached its peak in late 2024. During the solar maximum period, bursts of solar energy heat the atmosphere, causing it to expand. NS explains that this expansion increases atmospheric drag, primarily affecting satellites in low-Earth orbit, such as the 7,000+ Starlink satellites that provide internet connectivity.

“When we have geomagnetic storms, satellites re-enter faster than expected,” said Denny Oliveira from NASA’s Goddard Space Flight Center, as reported by NS. NASA found that satellite lifespans could be cut short by as much as 10 days during intense solar activity.

Between 2020 and 2024, 523 Starlink satellites re-entered Earth’s atmosphere and burned up. But Oliveira warns, “In a few years, we will have satellites re-entering every day,” as reported by NS.

While some re-entries are planned, others happen due to unexpected failure or solar interference. Satellites orbiting below 300 km descend more quickly during intense geomagnetic storms, shortening their re-entry period to five days instead of the usual 15.

Samantha Lawler, an astronomer at Canada’s University of Regina, says this is the first time we’ve seen the effects of solar maximum on such a massive satellite constellation. “It is important to do these measurements.,” she added, as noted by NS.

The process, according to Sean Elvidge from the University of Birmingham, helps remove dead satellites from orbit. However, it also introduces potential hazards. Rapid satellite descents reduce the time available for them to fully burn up, increasing the risk of debris reaching Earth’s surface.

NS notes that in August 2024, a 2.5-kilogram piece of Starlink satellite debris was found on a farm in Saskatchewan. Lawler questioned how many other fragments might have gone undetected, saying, “If we found one (piece), how many did we miss?”

Self-Replicating Zombie Malware Targets Docker - 2

Image by Henrik L., from Unsplash

Self-Replicating Zombie Malware Targets Docker

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

Unsecured Docker containers are hijacked by malware that spreads autonomously, creating a zombie network mining the privacy-focused cryptocurrency Dero.

In a rush? Here are the quick facts:

  • Malware spreads autonomously without a command-and-control server, complicating defense.
  • Two Golang implants: fake nginx tool and hidden Dero cloud miner.
  • Malware hijacks existing containers and creates new malicious containers automatically.

A new cryptojacking campaign is turning unsecured Docker containers into a fast-spreading zombie network that mines the privacy-focused cryptocurrency Dero. The malware spreads on its own, without a command-and-control server, making it harder to stop.

Researchers at Kaspersky discovered the infection during a routine security assessment. “We detected a number of running containers with malicious activities,” they said.

The attack begins when exposed Docker APIs are found online. Once one is breached, the malware creates new malicious containers and hijacks existing ones—turning them into “zombies” that mine Dero and infect others.

The attack uses two Golang-based malware implants, both hidden with UPX packing: one is named nginx (not to be confused with the legitimate web server), and the other is the cloud Dero miner. Kaspersky identified them as Trojan.Linux.Agent.gen and RiskTool.Linux.Miner.gen.

The nginx malware fakes being a legitimate web tool and keeps the miner running while constantly scanning the internet for new targets. It looks for Docker APIs open on port 2375 and uses tools like masscan to detect them. Once it finds a vulnerable system, it deploys a fake Ubuntu container and installs the malware.

It also tries to take over existing containers by checking for a special file, version.dat. If the file is missing, it installs the malware and starts mining.

The cloud miner hides its wallet and server addresses using encrypted strings. Once decrypted, researchers traced them back to past attacks on Kubernetes clusters.

“This implant is designed to minimize interaction with the operator,” the report says, warning that similar campaigns may still be active.

Security experts warn that as long as Docker APIs are exposed online without protection, such cryptojacking campaigns will continue. Users should secure their Docker environments by disabling open APIs and tightening network access controls.