The intrusion started in November 2024 with a password spray attack against an exposed RDP server. The attacker attempted multiple logins over several hours using accounts and IPs flagged in OSINT sources. Eventually, they gained RDP access with a compromised account and executed discovery commands to enumerate users and systems....
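A password spray spread over several hours, followed by a successful RDP logon, can be surfaced by counting distinct accounts that fail from one source address and then checking for a later success from that same address. The sketch below is an added example, not code from the report; the flattened log format, the sample records, the function names and the thresholds (a 6-hour window, 4 accounts) are assumptions, and 4625 and 4624 are the Windows Security event IDs for failed and successful logons.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not from the report): time, event ID, source IP, account.
# 4625 = failed logon, 4624 = successful logon (Windows Security log).
SAMPLE = """\
2024-11-05T01:02:11 4625 203.0.113.7 administrator
2024-11-05T01:40:03 4625 203.0.113.7 backup
2024-11-05T02:15:47 4625 203.0.113.7 jsmith
2024-11-05T03:05:20 4625 203.0.113.7 svc_sql
2024-11-05T03:50:09 4625 203.0.113.7 mjones
2024-11-05T04:31:55 4624 203.0.113.7 mjones
2024-11-05T09:00:00 4625 198.51.100.20 jsmith
2024-11-05T09:00:30 4625 198.51.100.20 jsmith
2024-11-05T09:01:10 4624 198.51.100.20 jsmith
"""

def parse(text):
    for line in text.splitlines():
        ts, eid, ip, user = line.split()
        yield datetime.fromisoformat(ts), int(eid), ip, user.lower()

def detect_spray(text, window=timedelta(hours=6), min_users=4):
    """Flag IPs failing against >= min_users distinct accounts inside `window`."""
    fails, oks = defaultdict(list), defaultdict(list)
    for ts, eid, ip, user in sorted(parse(text)):
        if eid == 4625:
            fails[ip].append((ts, user))
        elif eid == 4624:
            oks[ip].append((ts, user))
    findings = []
    for ip, rows in fails.items():
        start = 0
        for end, (ts, _) in enumerate(rows):
            while ts - rows[start][0] > window:   # slide the window forward
                start += 1
            if len({u for _, u in rows[start:end + 1]}) >= min_users:
                findings.append({
                    "source_ip": ip,
                    "alert_time": ts,
                    "accounts_tried": len({u for _, u in rows}),
                    # A success from the spraying IP after the alert is the urgent case.
                    "logged_on_after": sorted({u for t, u in oks[ip] if t >= ts}),
                })
                break
    return findings

if __name__ == "__main__":
    for f in detect_spray(SAMPLE):
        print(f)
```

Counting distinct accounts rather than raw failures keeps the second source address, a single user mistyping a password, out of the results, and a window measured in hours is what catches a slow spray that per-minute lockout thresholds miss.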