Using the access to virtual machines the attackers employed malicious use of the Serial Console on Azure Virtual Machines to install third-party remote management software within client environments.