Cybersecurity firm FireEye says massive Russia hack was waged inside U.S.

Russian hackers staged their attacks from servers inside the U.S. — sometimes using computers in the same town or city as the victims, cybersecurity company FireEye tells the New York Times.

Why it matters: This let the intruders evade "legal prohibitions on the National Security Agency from engaging in domestic surveillance," and elude "cyberdefenses deployed by the Department of Homeland Security."

Catch up quick: The attack, attributed to Russia, began with the targeting of the software of IT contractor SolarWinds. Gaining access there allowed the nation-state hackers access to information from a variety of high-profile agencies and companies, including the Treasury, Commerce and Homeland Security departments.

• Experts warn the attack could have severe repercussions given it went on for months, targeted key companies and government agencies, and gained access to a wide swath of substantive information, Axios' Ina Fried reports.
• The attack lasted for at least nine months and affected roughly 250 businesses and federal agencies, per the Times.