A wooden sculpture made of linden representing Russian President Vladimir Putin riding a bear at a souvenir shop in Saint Petersburg. Photo: Mladen Antonov/AFP via Getty Images

Cozy Bear, the less-discussed of the two Russian hacker groups that breached the Democratic National Committee in 2016, had been thought to be scaling back operations since that election, but a new report finds the group instead became more covert.

The big picture: The report, from cybersecurity firm ESET, shows that Cozy Bear switched to a different toolkit after 2016, continuing to target the ministries of foreign affairs in at least three European countries and the Washington, D.C., embassy of a European country.

Background: Cozy Bear, also called APT29 and The Dukes, has been associated with the Russian Federal Security Service and the Foreign Intelligence Service. Fancy Bear, its more famous cousin, is connected to the Main Directorate of the General Staff of the Armed Forces.

  • Russia runs a competitive model, wherein separate intelligence agencies are encouraged to breach the same targets.
  • Unlike other Russian groups, Cozy Bear's attacks are not associated with sabotage efforts.

Cozy Bear didn't disappear completely after 2016, but its attacks appeared to dramatically decline. There were flurries of breaches linked to the group in 2017 against U.S. think tanks, as well as several attacks around the 2018 elections against defense contractors, media and other verticals.

  • Even with the new campaign, Cozy Bear still does not appear to be as active as it was in 2016.

What's happening: ESET found evidence that the group maintained some of its anonymity since 2018 by using four previously undocumented strains of malware.

  • Some of that malware has been detected as early as 2013. Other strains appear to be new as of last year.
  • The new malware was found in organizations known to have been breached by Cozy Bear — sometimes as recently as three months before the new strains appeared in their systems.
  • ESET is calling this campaign "Operation Ghost."

As with previous Cozy Bear malware, the new strains used publicly available internet services like Reddit, Twitter and OneDrive to communicate and take instruction from operatives running the campaign.

  • The new malware also hid payloads in image files to disguise network traffic.
