Threat actors activate Amazon Web Services (AWS) Systems Manager Inventory [T1538] to discover targets for lateral movement [TA0007],[TA0008], then move to both preexisting [T1021.007] and actor-created [T1578.002]
Amazon Elastic Compute Cloud (EC2) instances
https://www.cisa.gov/sites/default/files/2023-11/aa23-320a_scattered_spider_0.pdf
Previously in:
Addresses #125