Illustration: Sarah Grillo/Axios

Government and private-sector investigators are racing to run forensics and damage assessments on the SolarWinds breach, but they keep turning up new unknowns, even as the strategic motivations and real impact remain obscure.

Why it matters: The more we learn about SolarWinds, the less we seem to know.

The intrigue: It’s not clear how much of the "SolarWinds breach" is even linked to SolarWinds, acting CISA director Brandon Wales told the Wall Street Journal.

  • In fact, "approximately 30% of both the private-sector and government victims linked to the campaign had no direct connection to SolarWinds," said the WSJ, citing Wales.
  • Because of the Russians’ use of these unconnected vectors, "this campaign should not be thought of as the SolarWinds campaign," said Wales.
  • Malwarebytes, a private computer security firm, has also concluded that “a number of its Microsoft cloud email accounts were compromised by the same group that targeted SolarWinds, using what Malwarebytes called ‘another intrusion vector’” separate from the SolarWinds backdoor, writes the Journal.

The big picture: The revelations suggest that the access gained into SolarWinds software was only one part of a broader Russian hacking campaign that hit other service providers as well. And the hackers' initial point of entry and ultimate goal remain unknown.

This massive campaign — which has potentially compromised networks tied to the Treasury, Defense, Commerce and State departments — was clearly more proactive and multifaceted than previously known.

  • The hackers identified and employed multiple avenues to compromise their targets — and weren’t, it appears, exclusively using the SolarWinds backdoor as their ticket into victims’ networks.
  • Indeed, SolarWinds “itself is probing whether Microsoft’s cloud was the hackers’ initial entry point into its network,” writes the Journal.
  • Thus, some victims may have been independently targeted via these other Microsoft-related issues, while others were compromised via SolarWinds, which may itself have been breached via its own Microsoft cloud account.
  • The Russian hackers had compromised at least one SolarWinds Microsoft 365 account as far back as December 2019, SolarWinds’ CEO told the Wall Street Journal.

Between the lines: The longer this type of campaign goes undetected, the harder it is to determine who was compromised when — and how. And when these causal chains are blurred, it's that much harder for cybersecurity experts to perform necessary damage control measures.

Context: This investigative work is hard enough in the often hazy world of counterintelligence. Investigators look to suss out:

  • How did a breach happen? Was it caused by a human or some technological source, or some combination of the two?
  • How long has this compromise existed?
  • What was the purpose of the campaign?

It only gets tougher in the world of cyber operations because there are so many potential variables to consider.

  • Private and public actors use lots of managed service providers like SolarWinds, and each one is a potential avenue for compromise.
  • Cyber operators often cover their tracks as they work on achieving persistent access in a network, obscuring the means by which they first got in.
  • Once operations like the SolarWinds hack are discovered, the focus immediately turns to worry over what networks the hackers might still be active in and what data might still be exfiltrated. That makes lower priorities out of larger questions about how they might fit into the responsible party's larger intelligence-gathering objectives or foreign policy goals.

The bottom line: Barring some type of extremely well-placed human or other source, getting to something approximating ground truth regarding all the dimensions — technical, tactical, temporal and strategic — of SolarWinds will be very difficult for the U.S. intelligence community.
