A wooden sculpture made of linden representing Russian President Vladimir Putin riding a bear at a souvenir shop in Saint Petersburg. Photo: Mladen Antonov/AFP via Getty Images

Cozy Bear, the less-discussed of the two Russian hacker groups that breached the Democratic National Committee in 2016, had been thought to be scaling back operations since that election, but a new report finds the group instead became more covert.

The big picture: The report, from cybersecurity firm ESET, shows that Cozy Bear switched to a different toolkit after 2016, continuing to target the ministries of foreign affairs in at least three European countries and the Washington, D.C., embassy of a European country.

Background: Cozy Bear, also called APT29 and The Dukes, has been associated with the Russian Federal Security Service and the Foreign Intelligence Service. Fancy Bear, its more famous cousin, is connected to the Main Directorate of the General Staff of the Armed Forces.

  • Russia runs a competitive model, wherein separate intelligence agencies are encouraged to breach the same targets.
  • Unlike other Russian groups, Cozy Bear's attacks are not associated with sabotage efforts.

Cozy Bear didn't disappear completely after 2016, but its attacks appeared to dramatically decline. There were flurries of breaches linked to the group in 2017 against U.S. think tanks, as well as several attacks around the 2018 elections against defense contractors, media and other verticals.

  • Even with the new campaign, Cozy Bear still does not appear to be as active as it was in 2016.

What's happening: ESET found evidence that the group maintained some of its anonymity since 2018 by using four previously undocumented strains of malware.

  • Some of that malware has been detected as early as 2013. Others appear to be new as of last year.
  • The new malware was found in organizations known to have been breached by Cozy Bear — sometimes as recently as three months before the new strains appeared in their systems.
  • ESET is calling this campaign "Operation Ghost."

As with previous Cozy Bear malware, the new strains used publicly available internet services like Reddit, Twitter and OneDrive to communicate and take instruction from operatives running the campaign.

  • The new malware also hid payloads in image files to disguise network traffic.
