Hi, I am no expert but I think our server has been hacked. I noticed that Windows Firewall had been disabled and that an unknown username was logged on to the server
AD and found 5 users I didn't know. Have disabled all VPN ports and RDP ports. Removed the users and any folder related.
Is there a starting point to try and trace how they accessed the network to help remove the threat? Server is up to date.