Illustration: Eniola Odetunde/Axios

Russian cyber operators are almost certainly still rummaging through U.S. networks, potentially lifting data or setting traps for future havoc even as officials scramble to assess the damage Moscow's hack has already dealt.

Why it matters: The hack, powered by malicious code inserted into an update of SolarWinds network management software, could be among the most significant in the country’s history, perhaps on par with China’s hack of the Office of Personnel Management or Russia’s 2014 hack of the State Department.

Driving the news: The FBI, NSA, CISA and the Office of the DNI in a joint statement Tuesday confirmed what has been widely accepted in the cybersecurity world: The hack was likely the work of Russia. (Specifically, Russia's SVR intelligence agency is thought to be behind it, though the statement stopped short of such specific attribution.)

  • The agencies also said that, although the update went out to some 18,000 SolarWinds customers, far fewer public or private entities were actually compromised.
  • So far, fewer than 10 government bodies have been identified as having been breached, the agencies said.

Yes, but: Even if the cyber operation narrowly focused on just a handful of targets, its impact could far exceed its footprint.

  • Already, experts say Russia may have used the exploit to breach critical U.S. infrastructure like power plants.
  • Microsoft, meanwhile, said hackers viewed some of the company’s source code.
  • And the federal agencies that are known to have been affected are among those responsible for some of the nation's most vital and sensitive work, including the State, Treasury, Energy, Commerce and Defense departments.

The intrigue: Nation-state groups — called “Advanced Persistent Threats” in cybersecurity jargon — aim to achieve persistent and long-standing access to desired targets.

  • Once they burrow into a network, they almost always surreptitiously develop contingencies for how to stay there, even if their initial point of entry is discovered.

That prospect of persistent access is complicated further by the fact that we still don't know exactly what the Russian cyber spies were looking for. Broadly speaking, there are three possibilities:

1. The hackers deliberately cast a wide net as cover to obscure the fact that they were after a specific target.

  • While U.S. cyber defenders continue puzzling over just how many doors have been wrenched open, Russia may have devoted, or may still be quietly devoting, intensive resources to extracting information from one particular agency, department or dataset.

2. The hack was aimed at compromising the maximum number of U.S. government (and perhaps other) targets simultaneously, allowing Moscow to sift through vast troves of likely unclassified, but still sensitive, data.

  • Down the line, such data may prove useful in, for instance, giving Russia — or China, Iran or another hostile foreign power, should Russia trade it away — a strategic advantage in diplomatic negotiations.
  • Or if an American intelligence operation halfway around the world is blown, U.S. counterintelligence officials may be left wondering if somehow it is related to information stolen in the hack.

3. The hack began as a narrow operation but, after Russia got what it was after, broadened, with the hackers fully expecting to get caught.

  • The SVR could then sit back and let the long afterlife of its compromise commence, driving stateside panic and distracting U.S. cyber warriors as Russia moves on to future operations.

The bottom line: No matter what, Russia now knows that the SolarWinds hack may tie U.S. counterintelligence experts into knots for many years to come.
