A financially motivated cyber actor has been observed abusing Microsoft AzureSerial Consoleon virtual machines (VMs) to install third-party remote management tools within compromised environments. Google-owned Mandiant attributed the activity to a threat group it tracks under the nameUNC3944, which is also known as Roasted 0ktapus and Scattered Spider. “This method of attack was unique in