
FireEye announced last week that a cyber attack that looked like it could have come from the Russian hackers "Cozy Bear" may have impersonated a State Department official in a new phishing campaign.

The big picture: FireEye was careful to say last week that it was not ready to formally accuse Russia of the attack. It still isn't. But the security firm posted more information about the attack on Monday which has helped to fill in some blanks.

What they're saying: "We were shocked to see people saying this was definitely from Russia - we have material information we aren't releasing, and we're not sure yet. This is us showing our work," said Nick Carr, senior manager of adversary methods at FireEye.

Why it matters: Cozy Bear, and all spy groups, regularly use phishing scams to breach targets. While the recent operation was nothing too far afield of other attacks, it is jarring to see such a brazen choice of cover identity.

The backdrop: The Cozy Bear hackers are the less talked about, more covert of the two Russian "bears" that attacked the Democratic National Committee in 2016. The hackers ceased activity soon after the election, and may not have resurfaced until now, if at all.

  • FireEye has noted the long gap in appearances as a reason the phishing emails might not have come from Cozy Bear.

Details: In the most recent attack, the hackers targeted a broad cross section of industries, including "think tanks, law enforcement, media, U.S. military, imagery, transportation, pharmaceuticals, national government, and defense contracting." That information was announced last week.

  • The targets significantly overlap with an attack on the firm Volexity, which was more definitively attributed to Cozy Bear in November.
  • If a victim clicked on the document included in the phishing email, a form labeled "TRAINING/INTERNSHIP PLACEMENT PLAN" would be found.
  • That document was laced with computer code giving the hackers a foothold on that system.

The malware the hackers used included the widely-available Cobalt Strike, so it's likely antivirus programs could catch this attack in progress.

  • But don't count on that, researchers at FireEye said: Cozy Bear sometimes uses easy-to-catch attacks as a smokescreen for more covert ones.
