Illustration: Sarah Grillo/Axios

A Trump administration official tells Axios that the cyberattack on the U.S. government and corporate America, apparently by Russia, is looking worse by the day — and secrets may still be being stolen in ways not yet discovered.

The big picture: "We still don't know the bottom of the well," the official said. Stunningly, the breach goes back to at least March, and continued all through the election. The U.S. government didn't sound the alarm until this Sunday. Damage assessment could take months.

Microsoft President Brad Smith told the N.Y. Times that at least 40 companies, government agencies and think tanks had been infiltrated.

  • The hack is known to have breached the departments of Defense, State, Homeland Security, Treasury, Commerce, and Energy and its National Nuclear Security Administration — plus the National Institutes of Health.
  • 8 countries: Microsoft, which has helped respond to the breach, said in a statement that 80% of its 40 customers known to have been targeted are in the U.S., with others in the U.K., Israel, the UAE, Canada, Mexico, Belgium and Spain.

In unusually vivid language for a bureaucracy, the U.S. Cybersecurity and Infrastructure Security Agency, part of Homeland Security, said yesterday that the intruder "demonstrated sophistication and complex tradecraft."

  • The agency said the breach "poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations."

If this had been a physical attack on America's secrets, we could be at war.

  • Imagine if during the Cold War, the Soviet Union had broken into a building in Washington and walked out with correspondence, budgets and more.
  • Sen. Chris Coons (D-Del.) told Andrea Mitchell on MSNBC: "It's pretty hard to distinguish this from an act of aggression that rises to the level of an attack that qualifies as war. ... [T]his is as destructive and broad scale an engagement with our military systems, our intelligence systems as has happened in my lifetime."

The gravity wasn't immediately apparent because this wasn't the "cyber Pearl Harbor" that experts have warned about: No one took out a power grid, or stole a bunch of money or destabilized the markets.

  • Instead, it's more like someone has been walking in and out of your house for months, and you don't really know what they took.
  • And they may have built a secret door. "For someone to have access that long, who's this sophisticated, it's pretty likely they built other ways to get in that are hard to find," one official told me.

What's next: President Trump has stayed silent on the hack, meaning that President-elect Biden's overflowing in-box now includes Russian reprisal, damage mitigation and future deterrence.

  • Promising to impose "substantial costs" on the perpetrator, Biden said in a statement that his administration "will make cybersecurity a top priority": "I will not stand idly by in the face of cyber assaults on our nation."