cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

RE: Suspicious incoming RDP: Victim IP - 13.65.113.217

snteran
Copper Contributor

‎Sep 10 2021 02:42 PM

‎Sep 10 2021 02:42 PM

RE: Suspicious incoming RDP: Victim IP - 13.65.113.217

We received a LOW ASC Alert regarding an attack to 116 IP addresses.  

 

"Network traffic analysis detected anomalous incoming Remote Desktop Protocol (RDP) communication to 13.65.113.217, associated with your resource 4255c1da87924ebda2e54616ea906f74, from multiple sources."

 

Neither of these incoming IP address nor the Resource are part of our Azure environment.  I searched and found the IP is part of MS but not sure about the Compromised Host "4255c1da87924ebda2e54616ea906f74".  

This has been reported as a Brute Force and our CISO is wanting some type of comment regarding the resolution.  I see it as a false/positive activity from Microsoft but need to make sure.  Has anyone ran into this type of Alert before?

 

Cheers,

Serge

1,008 Views
0 Likes
2 Replies
Reply
2 Replies
Stanislav Belov

‎Sep 13 2021 04:35 PM

‎Sep 13 2021 04:35 PM

RE: Suspicious incoming RDP: Victim IP - 13.65.113.217

I would suggest that you open a support ticket so that our experts can help you find the root cause of this alert.
0 Likes
Reply
snteran

‎Sep 14 2021 07:51 AM

‎Sep 14 2021 07:51 AM

RE: Suspicious incoming RDP: Victim IP - 13.65.113.217

thanks for the suggestion, I was hoping to bring this type of alert public to assist others. If anyone has any thoughts/advice on potential explanation, please let me know.

Cheers
0 Likes
Reply