Azure Serial Console Exploited by Hackers for VM Access and SIM Swapping Attacks
A financially motivated cybergang known as UNC3944 is using phishing and SIM swapping attacks to hijack Microsoft Azure admin accounts and gain access to virtual machines. They abuse the Azure Serial Console to install remote management software for persistence and use Azure Extensions for stealthy surveillance. UNC3944 aims to steal data from victim organizations using Microsoft's cloud computing service. The attack demonstrates the group's deep understanding of the Azure environment and how they can leverage built-in tools to evade detection.