Mandiant reports that a threat actor is abusing the Microsoft Azure Serial Console on virtual machines (VMs) to install third-party remote management tools. The group, tracked as UNC3944 and also known as Roasted 0ktapus and Scattered Spider, is believed to have been using SIM swapping to gain access to targets since May 2022. It has also deployed a malicious signed driver, STONESTOP, to terminate processes belonging to security software and to delete files. Initial access is suspected to come from SMS phishing messages that harvest credentials, followed by a SIM swap to intercept the two-factor authentication (2FA) token. The attacker then uses PowerShell to deploy legitimate remote administration tools and Azure VM extensions to survey the target network. Mandiant warns that these attacks are no longer limited to the operating system layer, and that cloud resources are often poorly understood, leading to misconfigurations that leave them exposed.
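As an added illustration that is not part of the article or the Mandiant report, the following Python check runs over constructed Azure Activity Log records and flags the two operations the summary describes, Serial Console connections and VM extension deployments, then raises callers that did both. The operation names are assumed from Azure Activity Log conventions and should be verified against a real export from your own subscription.

```python
"""Flag Activity Log records matching the Serial Console plus VM-extension pattern."""
from collections import defaultdict

# Operations worth alerting on (assumed Azure operation names; verify in your tenant).
WATCHED_OPERATIONS = {
    "Microsoft.SerialConsole/serialPorts/connect/action": "serial console connect",
    "Microsoft.Compute/virtualMachines/extensions/write": "VM extension written",
}

_SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-prod"
_VM = _SUB + "/providers/Microsoft.Compute/virtualMachines/web01"

# Constructed sample records in the shape of an Activity Log export (not real data).
SAMPLE_EVENTS = [
    {"time": "2023-05-16T10:02:11Z", "caller": "admin@example.invalid",
     "operationName": "Microsoft.SerialConsole/serialPorts/connect/action",
     "resourceId": _VM},
    {"time": "2023-05-16T10:05:40Z", "caller": "ops@example.invalid",
     "operationName": "Microsoft.Compute/virtualMachines/start/action",
     "resourceId": _VM},
    {"time": "2023-05-16T10:09:03Z", "caller": "admin@example.invalid",
     "operationName": "Microsoft.Compute/virtualMachines/extensions/write",
     "resourceId": _VM + "/extensions/CustomScriptExtension"},
    {"time": "2023-05-16T11:30:00Z", "caller": "ops@example.invalid",
     "operationName": "Microsoft.Compute/virtualMachines/extensions/write",
     "resourceId": _VM + "/extensions/MonitoringAgent"},
]

def vm_name(resource_id):
    """Return the VM name from a resource ID, or '?' if it is not a VM resource."""
    parts = resource_id.split("/")
    return parts[parts.index("virtualMachines") + 1] if "virtualMachines" in parts else "?"

def flag_events(events, watched=WATCHED_OPERATIONS):
    """Return one alert per event whose operation is in the watched set."""
    alerts = []
    for ev in events:
        reason = watched.get(ev.get("operationName"))
        if reason:
            alerts.append({"time": ev["time"], "caller": ev["caller"],
                           "vm": vm_name(ev["resourceId"]), "reason": reason})
    return alerts

def callers_with_both(alerts):
    """Callers seen doing both a console connect and an extension write: review first."""
    seen = defaultdict(set)
    for a in alerts:
        seen[a["caller"]].add(a["reason"])
    return sorted(c for c, r in seen.items() if len(r) == 2)
```

In practice the records would come from an Activity Log export or a Log Analytics query rather than the embedded sample, and the watched set can be extended with other operations your environment treats as sensitive.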
Source: Hackernews
To mitigate these potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net, or you can try it yourself using check.website.