Russian hackers stagedtheir attacks from servers inside the U.S. — sometimes using computers in the same town or city as the victims, cybersecurity company FireEye tells the New York Times.
Why it matters: This let the intruders evade "legal prohibitions on the National Security Agency from engaging in domestic surveillance," and elude "cyberdefenses deployed by the Department of Homeland Security."
Catch up quick: The attack, attributed to Russia, began with the targeting of the software of IT contractor SolarWinds. Gaining access there allowed the nation-state hackers access to information from a variety of high-profile agencies and companies, including the Treasury, Commerce and Homeland Security departments.
Experts warn the attack could have severe repercussions given it went on for months, targeted key companies and government agencies, and gained access to a wide swath of substantive information, Axios' Ina Fried reports.
The attack lasted for at least nine months and affected roughly 250 businesses and federal agencies, per the Times.