Hi everyone,
Today I noticed a new user on my server called SCPortal. (not SCPPortal)
They had acquired Administrator rights to my server, and installed VMWare Horizon Client. (downloaded the installation package to the desktop and ran it)
The remote desktop session was active but disconnected.
I pulled a RDP report and this user logged in from (USA)
My server is in South Africa.
Can anyone explain what this is?
My server is pretty secure, so it would have had to be something internally which created this.
Please note that this is not to be confused with the SCPPortal user.
**Note the double P.

SCPortal is the hacked user account.

Unselected an answer