Sign up for our daily briefing

Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Denver news in your inbox

Catch up on the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Des Moines news in your inbox

Catch up on the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Minneapolis-St. Paul news in your inbox

Catch up on the most important stories affecting your hometown with Axios Twin Cities

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tampa Bay news in your inbox

Catch up on the most important stories affecting your hometown with Axios Tampa Bay

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Charlotte news in your inbox

Catch up on the most important stories affecting your hometown with Axios Charlotte

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Photo: Mandel Ngan/AFP/Getty Images

Cozy Bear, hackers who the U.S. and other governments believe to be Russian intelligence, appears to be impersonating the State Department in a new hacking campaign that's been observed attacking several sectors. FireEye, a cybersecurity company, first made the announcement on Twitter.

The big picture: It's nothing new for Cozy Bear to impersonate government officials, or anyone else who could lure people into downloading a file. That doesn't make it less aggressive — or less dangerous — for them to use the State Department to accomplish their goal.

FireEye is not making a firm attribution to Cozy Bear at this time. It's just saying the attacks show similarities to Cozy Bear's toolkit and techniques.

The targets spanned different sectors: defense, law enforcement, local government, media, pharmaceuticals, think tanks, transportation and the public sector. They appear to be the same or similar targets to a 2016 campaign associated with Cozy Bear.

What they're saying: "FireEye is continuing to investigate the true intention of the campaign," said Nick Carr, senior manager of adversary methods at FireEye.

Editor's note: The headline and story have been corrected to show that the Russian hacking group in question is Cozy Bear (not Fancy Bear).

Go deeper

In photos: D.C. and U.S. states on alert for pre-inauguration violence

National Guard troops stand behind security fencing with the dome of the U.S. Capitol Building behind them, on Jan. 16. Photo: Kent Nishimura / Los Angeles Times via Getty Images

Security has been stepped up in Washington, D.C., and state capitols across the U.S. as authorities brace for potential violence this weekend.

Driving the news: Following the Jan. 6 insurrection at the U.S. Capitol by some supporters of President Trump, the FBI has said there could be armed protests in D.C. and in all 50 state capitols in the run-up to President-elect Joe Biden's inauguration Wednesday.

The new Washington

Illustration: Sarah Grillo/Axios

The Axios subject-matter experts brief you on the incoming administration's plans and team.

Rep. Lou Correa tests positive for COVID-19

Lou Correa. Photo: Tom Williams/CQ-Roll Call, Inc via Getty Images

Rep. Lou Correa (D-Calif.) announced on Saturday that he has tested positive for the coronavirus.

Why it matters: Correa is the latest Democratic lawmaker to share his positive test results after last week's deadly Capitol riot. Correa did not shelter in the designated safe zone with his congressional colleagues during the siege, per a spokesperson, instead staying outside to help Capitol Police.