The researchers provide the following additional tools and techniques that Octo Tempest uses in their attacks:
• open-source tools: ScreenConnect, FleetDeck, AnyDesk, RustDesk, Splashtop, Pulseway, TightVNC, LummaC2, Level.io, Mesh, TacticalRMM, Tailscale, Ngrok, WsTunnel, Rsocx, and Socat
• deploying Azure virtual machines to enable remote access via RMM installation or modification to existing resources via Azure serial console
• adding MFA methods to existing users
• using the tunneling tool Twingate, which leverages Azure Container instances as a private connector (without public network exposure)