Aug 16 2021 05:30 AM - last edited on Apr 08 2022 10:52 AM by TechCommunityAP
Hi All.
Thank you for taking the time to read my email. We are going through a brute-force attack directly against our DCs. The attackers have been able to access 40 user accounts and they are trying multiple passwords against our DCs. We are assuming that they must be on our network or coming through our VPN. Our tools are DEP, MCAS, Azure Sentinel and we are not able to see the source IP. We can only see the Device ID and they are actually trying from different PCs and surprisingly these PCs have the same ID but the IPs are not displayed. I was wondering if any of you would have a suggestion on how to stop this attack.
Thank you very much in advance for your help.
Tomas Gonzales.
Aug 16 2021 07:46 AM