Azure execution through serial console

[christophetd]

UNC3944 has also found use of some of the more niche features and applications within Azure to move laterally and conduct data theft. On multiple occasions UNC3944 has moved laterally within an organization's Azure environment using the Special Administration Console to connect to virtual machines via serial console.

https://www.mandiant.com/resources/blog/unc3944-sms-phishing-sim-swapping-ransomware