During an access controls audit, Arkadian Cybersecurity uncovered two unauthorized actors operating within a client’s environment—one with administrative privileges in Active Directory and another exploiting a supply chain account to place fraudulent orders. Our team conducted a targeted review of permission structures, login histories, and user behavior analytics to identify anomalies. We promptly disabled the compromised accounts, investigated lateral movement, and traced how elevated privileges were obtained. The incident highlighted gaps in account provisioning and vendor access controls, leading to the implementation of strict least privilege policies, multi-factor authentication, and regular privilege audits. Our swift detection and response helped the client avoid financial loss and potential data exposure.