Malicious activity

New User Added to Local Administrators Group

Platform(s)
  • N/A

Compliance Frameworks

Description

This alert indicates that a new user account has been added to the local Administrators group on a Windows system. Members of the local Administrators group have full control over the system, including the ability to install software, modify system settings, and access sensitive data.
Recommended Mitigation

Investigate the new user added to the Administrators group, and remove or disable any unauthorized users.
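
One way to carry out this investigation on the affected host, as an added example that is not part of the original alert text. It assumes that auditing of security group management is enabled so that Security event ID 4732 is logged; the look-back window and the `$approved` allow-list are hypothetical values to replace with your own.

```powershell
# Added example (not from the original alert). Run in an elevated session.
# Assumption: "Audit Security Group Management" is enabled, so event 4732
# (member added to a security-enabled local group) is present in the Security log.
$adminSid = 'S-1-5-32-544'                   # well-known SID of BUILTIN\Administrators
$since    = (Get-Date).AddDays(-7)           # hypothetical look-back window
$approved = @('S-1-5-21-PLACEHOLDER-500')    # hypothetical allow-list of member SIDs

# 1. Who was added to Administrators, by whom, and when.
$additions = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 4732; StartTime = $since
} -ErrorAction SilentlyContinue | ForEach-Object {
    $evt  = $_
    $data = @{}
    foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    # 4732 fires for every local group; keep only the Administrators group.
    if ($data['TargetSid'] -eq $adminSid) {
        [pscustomobject]@{
            TimeCreated = $evt.TimeCreated
            MemberSid   = $data['MemberSid']
            AddedBy     = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
            LogonId     = $data['SubjectLogonId']   # pivot to the 4624 logon session
        }
    }
}

# 2. Current members that are not on the allow-list.
$unexpected = Get-LocalGroupMember -SID $adminSid |
    Where-Object { $approved -notcontains $_.SID.Value }

$additions  | Sort-Object TimeCreated | Format-Table -AutoSize
$unexpected | Format-Table Name, SID, ObjectClass, PrincipalSource -AutoSize

# 3. After confirming an entry is unauthorized, remove it from the group and,
#    for a local account, disable it. Left commented out so nothing changes
#    until the output above has been reviewed.
# Remove-LocalGroupMember -SID $adminSid -Member $unexpected[0].SID.Value
# Disable-LocalUser -SID $unexpected[0].SID.Value
```

A member that appears in step 2 with no matching 4732 event in step 1 was either added before the look-back window or added while auditing was off or the log had rolled over, which is itself worth following up.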