Sign up for our daily briefing

Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Stay on top of the latest market trends

Subscribe to Axios Markets for the latest market trends and economic insights. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Sports news worthy of your time

Binge on the stats and stories that drive the sports world with Axios Sports. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tech news worthy of your time

Get our smart take on technology from the Valley and D.C. with Axios Login. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Get the inside stories

Get an insider's guide to the new White House with Axios Sneak Peek. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Denver news?

Get a daily digest of the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Des Moines news?

Get a daily digest of the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Twin Cities news?

Get a daily digest of the most important stories affecting your hometown with Axios Twin Cities

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Tampa Bay news?

Get a daily digest of the most important stories affecting your hometown with Axios Tampa Bay

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Charlotte news?

Get a daily digest of the most important stories affecting your hometown with Axios Charlotte

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

A wooden sculpture made of linden representing Russian President Vladimir Putin riding a bear at a souvenir shop in Saint Petersburg. Photo: Mladen Antonov/AFP via Getty Images

Cozy Bear, the less-discussed of the two Russian hacker groups that breached the Democratic National Committee in 2016, had been thought to be scaling back operations since that election, but a new report finds the group instead became more covert.

The big picture: The report, from cybersecurity firm ESET, shows that Cozy Bear switched to a different toolkit after 2016, continuing to target the ministries of foreign affairs in at least three European countries and the Washington, D.C., embassy of a European country.

Background: Cozy Bear, also called APT29 and The Dukes, has been associated with the Russian Federal Security Service and the Foreign Intelligence Service. Fancy Bear, its more famous cousin, is connected to the Main Directorate of the General Staff of the Armed Forces.

  • Russia runs a competitive model, wherein separate intelligence agencies are encouraged to breach the same targets.
  • Unlike other Russian groups, Cozy Bear's attacks are not associated with sabotage efforts.

Cozy Bear didn't disappear completely after 2016, but its attacks appeared to dramatically decline. There were flurries of breaches linked to the group in 2017 against U.S. think tanks, as well as several attacks around the 2018 elections against defense contractors, media and other verticals.

  • Even with the new campaign, Cozy Bear still does not appear to be as active as it was in 2016.

What's happening: ESET found evidence that the group maintained some of its anonymity since 2018 by using four previously undocumented strains of malware.

  • Some of that malware has been detected as early as 2013. Others appear to be new as of last year.
  • The new malware was found in organizations known to have been breached by Cozy Bear — sometimes as recently as three months before the new strains appeared in their systems.
  • ESET is calling this campaign "Operation Ghost."

As with previous Cozy Bear malware, the new strains used publicly available internet services like Reddit, Twitter and OneDrive to communicate and take instruction from operatives running the campaign.

  • The new malware also hid payloads in image files to disguise network traffic.

Go deeper

Buffett eyes slow U.S. progress, but says "never bet against America"

Warren Buffett in New York City in 2017. Photo: Daniel Zuchnik/WireImage

Warren Buffett called progress in America "slow, uneven and often discouraging," but retained his long-term optimism in the country, in his closely watched annual shareholder letter released Saturday morning.

Why it matters: It breaks months of uncharacteristic silence from the 90-year-old billionaire Berkshire Hathaway CEO — as the fragile economy coped with the pandemic and the U.S. saw a contentious presidential election.

Restaurant software meets the pandemic moment

Illustration: Annelise Capossela/Axios

Food delivery companies have predictably done well during the pandemic. But restaurant software providers are also having a moment as eateries race to handle the avalanche of online orders resulting from severe in-person dining restrictions.

Driving the news: Olo filed last week for an IPO and Toast is rumored to be preparing to do the same very soon.

Bryan Walsh, author of Future
4 hours ago - Technology

How the automation economy can turn human workers into robots

Illustration: Sarah Grillo/Axios

More than outright destroying jobs, automation is changing employment in ways that will weigh on workers.

The big picture: Right now, we should be less worried about robots taking human jobs than people in low-skilled positions being forced to work like robots.