#37333 [Blackpoint Cyber] [# 2054808] Re: Artichoke Consulting [Cloud Response] [Login from Mobile VPN] [Verification Required]

New-BlackpointCyber Created Feb 24, 2026, 12:26 AM
System (internal) Feb 24, 2026, 12:26 AM
Created from Lead: https://artichoke.shield.syncromsp.com/leads/40019546/convert
Check-in (internal) Feb 24, 2026, 12:26 AM

Hello Artichoke Consulting,

Blackpoint Cyber is contacting you about a sign-in by a user from a VPN Service via a mobile device. We recommend that you take immediate action to confirm if this is authorized. Please verify that the following email access is known and legitimate. This VPN login should be confirmed for legitimate access by the user and their mobile device.

Blackpoint Cyber does not recommend using a Commercial VPN product to connect to email, as you are trusting their server with all your data. Along with this, if an attacker uses the same VPN, then there is no way to tell the legitimate user apart from the adversary.

If the access is not known and authorized, we recommend the following actions:

  1. Reset the account password and terminate all active sessions.
  2. Attempt to contact the person associated with the account (if not already contacted) for verification and to inform them they will have to reset their password.
  3. If the account does not have MFA, we advise immediately enabling MFA on the account.
  4. Once the activity is verified or the situation is resolved, you can unblock the account and share any new passwords with the end user (or allow them to self-reset their own password if enabled).

If this access is known and authorized, please respond to this email to inform the SOC of the approved activity and we can suppress this activity for the user accordingly.

If you have any questions or concerns relating to this alert, please reply to this email.


MDR Alert Details

Login from New Device and IP by CLOUD_RESPONSE_M365 on [email protected]

CLOUD_RESPONSE_M365 Event
Occurred: Tue Feb 24 2026 00:20:50 GMT+0000 (Coordinated Universal Time)
Event: Login from New Device and IP
User: [email protected]
IP: 169.150.231.81
Country: US
Proxies: No
Potential Hosting Provider: Datacamp Limited
VPNs: ADGUARD_VPN
Is Tor: No
Risks: CALLBACK_PROXY, TUNNEL
Device Info: Ios 18.7.0 Safari
User Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 18_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/26.2 Mobile/15E148 Safari/604.1
Is Compliant And Managed: False

Endhost
IP: 169.150.231.81
Hostname: [email protected]
Domain: WORKGROUP
OS: