A financially motivated cyber actor has been observed abusing the Microsoft Azure serial console to install third-party remote management tools within compromised environments.
The company, Mandiant, attributes the activity to a threat group it tracks under the names Roasted 0ktapus and Scattered Spider.
The novel use of the serial console by attackers is a reminder that these attacks are no longer limited to the operating system layer, Mandiant said.
It adds that the example demonstrates how sophisticated attackers are now able to penetrate even protected virtual machines using technology such as the serial consoles.
A further example of this kind of behavior occurs when malicious actors use PowerShell to deploy legitimate remote administration tools inside an unpatched Azure VM.
More on this in next chapter…
๐ Feeling the vibes?
Keep the good energy going by checking out my Amazon affiliate link for some cool finds! ๐๏ธ
If not, consider contributing to my caffeine supply at Buy Me a Coffee โ๏ธ.
Your clicks = cosmic support for more awesome content! ๐๐
Leave a Reply