From VPN to Domain Admin: How Leaked Credentials Led to Full Compromise at TU/e [Fox-IT Report]
Tags: Cybersecurity, Incident Response, VPN, Domain Admin, DCSync, Malware, Remote Control, Data Breach, University, Fox-IT
A declassified technical report from Fox-IT describes a large-scale incident response at Eindhoven University of Technology (TU/e) in the Netherlands, where a malicious actor used leaked VPN credentials to escalate to full domain administrator access via a DCSync attack. The adversary installed remote control tools such as AnyDesk and TeamViewer, compromised 91 systems, and attempted to disable backups.