Reply to post: I guess that explains it

PrintNightmare: Kicking users from Pre-Windows 2000 legacy group may thwart domain controller exploitation

Dimmer

I guess that explains it

3 months ago, a customer's fully patched domain controller was compromised by the system account creating a domain admin account named “Quickbooks User”, then crypto-locked by the bad guys.

I was wondering how they compromised across the network, using the system account that Microsoft says can’t be accessed via a network connection.

Love to hear what you guys have seen.


Biting the hand that feeds IT © 1998–2021