Illustration: Sarah Grillo/Axios

Government and private-sector investigators are racing to run forensics and damage assessments on the SolarWinds breach, but they keep turning up new unknowns, even as the strategic motivations and real impact remain obscure.

Why it matters: The more we learn about SolarWinds, the less we seem to know.

The intrigue: It’s not clear how much of the "SolarWinds breach" is even linked to SolarWinds, acting CISA director Brandon Wales told the Wall Street Journal.

  • In fact, "approximately 30% of both the private-sector and government victims linked to the campaign had no direct connection to SolarWinds," said the WSJ, citing Wales.
  • Because of the Russians’ use of these unconnected vectors, "this campaign should not be thought of as the SolarWinds campaign," said Wales.
  • Malwarebytes, a private computer security firm, has also concluded that “a number of its Microsoft cloud email accounts were compromised by the same group that targeted SolarWinds, using what Malwarebytes called ‘another intrusion vector’” from the SolarWinds backdoor, writes the Journal.

The big picture: The revelations suggest that the access gained into SolarWinds software was only one part in a broader Russian hacking campaign that hit other service providers as well. And the hackers' initial point of entry or ultimate goal remains unknown.

This massive campaign — which has potentially compromised networks tied to the Treasury, Defense, Commerce and State departments — was clearly more proactive and multifaceted than previously known.

  • The hackers identified and employed multiple avenues to compromise their targets — and weren’t, it appears, exclusively using the SolarWinds backdoor as their ticket into victims’ networks.
  • Indeed, SolarWinds “itself is probing whether Microsoft’s cloud was the hackers’ initial entry point into its network,” writes the Journal.
  • Thus, some victims may have been independently targeted via these other Microsoft-related issues, while others were compromised via SolarWinds, which may itself have been breached via its own Microsoft cloud account.
  • The Russian hackers had compromised at least one SolarWinds Microsoft 365 account as far back as December 2019, SolarWinds’ CEO told the Wall Street Journal.

Between the lines: The longer this type of campaign goes undetected, the harder it is to determine who was compromised when — and how. And when these causal chains are blurred, it's that much harder for cybersecurity experts to perform necessary damage control measures.

Context: This investigative work is hard enough in the often hazy world of counterintelligence. Investigators look to suss out:

  • How did a breach happen? Was it caused by a human or some technological source, or some combination of the two?
  • How long has this compromise existed?
  • What was the purpose of the campaign?

It only gets tougher in the world of cyber operations because there are so many potential variables to consider.

  • Private and public actors use lots of managed service providers like SolarWinds, and each one is a potential avenue for compromise.
  • Cyber operators often cover their tracks as they work on achieving persistent access in a network, obscuring the means by which they first got in.
  • Once operations like the SolarWinds hack are discovered, the focus immediately turns to worry over what networks the hackers might still be active in and what data might still be exfiltrated. That makes lower priorities out of larger questions about how they might fit into the responsible party's larger intelligence-gathering objectives or foreign policy goals.

The bottom line: Barring some type of extremely well-placed human or other source, getting to something approximating ground truth regarding all the dimensions — technical, tactical, temporal and strategic — of SolarWinds will be very difficult for the U.S. intelligence community.
