|
|
|
|
|
|
by ams6110
3582 days ago
|
|
|
If it was a compromised employee login it could have been an indirect path to the log server. E.g. ssh or "Go to My PC" to employee workstation, or log in to company VPN, from there to internal hosts. Not that employee workstations should have access to production machines ideally, but it is commonplace at small companies (and big ones too). |
|
|