Cybersecurity firm FireEye says massive Russia hack was waged inside U.S.

Russian hackers stagedtheir attacks from servers inside the U.S. — sometimes using computers in the same town or city as the victims, cybersecurity company FireEye tells the New York Times.

Why it matters: This let the intruders evade “legal prohibitions on the National Security Agency from engaging in domestic surveillance,” and elude “cyberdefenses deployed by the Department of Homeland Security.”

Catch up quick: The attack, attributed to Russia, began with the targeting of the software of IT contractor SolarWinds. Gaining access there allowed the nation-state hackers access to information from a variety of high-profile agencies and companies, including the Treasury, Commerce and Homeland Security departments.

• Experts warn the attack could have severe repercussions given it went on for months, targeted key companies and government agencies, and gained access to a wide swath of substantive information, Axios’ Ina Fried reports.
• The attack lasted for at least nine months and affected roughly 250 businesses and federal agencies, per the Times.

Source: https://www.axios.com/massive-russia-hack-fireeye-inside-9e396976-189c-4fb3-96aa-c5e77ab8d308.html?&web_view=true