Photo: Sina Schuldt/picture alliance via Getty Images

The revelation that hackers tied to Russia managed to penetrate the Treasury, Commerce and Homeland Security departments — at least — will be giving U.S. officials nightmares for a long time.

The big picture: News of the Russia-linked hack, which Reuters broke Sunday, has shaken the government and larger cybersecurity world and led some policymakers to call for retaliation against Russia.

What we know:

  • Who was (probably) behind it. Cyber operators likely working for the SVR, a Russian intelligence service, compromised the software of IT contractor SolarWinds to gain access to these government networks — and have been potentially roaming in them since March.
  • The group's history. The same hacking unit, known as APT 29 or Cozy Bear, hacked prominent cybersecurity vendor FireEye. Cozy Bear was also behind a major compromise in 2014 and 2015 of unclassified email systems at the Pentagon, White House, and State Department.
  • The upper limit of the hack's potential reach: Some 18,000 SolarWinds customers (institutions, not individuals) may have been breached in the campaign, SolarWinds said, likely including currently unnamed “national security agencies and defense contractors,” according to the Wall Street Journal’s Dustin Volz.

What we don't know:

  • What they were after. The hackers appeared to gain access to email systems within Commerce and Treasury, though we don’t know whose emails, nor just how sensitive they are. And it's possible they got deeper into government systems than merely scraping unclassified emails.
  • Whether the hackers are still active in victim networks. Once a determined and capable foreign intelligence service has forced its way into a system, it will seek new avenues to keep on spying even if its initial access points get cut off. We don't know whether, or how many, victims' networks are still compromised.
  • The full list of victims.

Yes, but: It’s a strong bet that there are other shoes waiting to drop.

  • SolarWinds’ customers include “more than 425 of the US Fortune 500,” “all ten of the top ten US telecommunications companies,” “all five branches of the US Military,” “the US Pentagon, State Department, NASA, NSA, Postal Service, NOAA, Department of Justice, and the Office of the President of the United States,” and “all five of the top five US accounting firms,” per a page on the company’s website that was recently deleted.

Be smart: As stunning as the hack's apparent success may be, the effort behind it is par for the course in the world of cyberespionage. The general public just rarely gets a glimpse into the machinery of modern spying.

Update: Monday night, the New York Times reported "parts of" the Pentagon were also affected by the attack.
