OAuth applications to deploy VMs for cryptomining (Campaign)

On 2023-12-12, a campaign was reported, involving Storm-1283, gaining initial access via End-user compromise, while using OAuth app creation, OAuth app hijack, to achieve Resource hijacking.