Suspicious activity

Lambda function that exposes secrets is reached from Tor IP address

Platform(s)

Description

Orca detected AWS lambda function {AwsLambdaFunction} with environment variables exposing secrets. The function configuration was fetched by one of the following api calls: GetFunction, GetFunctionConfiguration or ListFunctions which retrieves the environment variables. This action may indicate of a presence of an unauthorized actor in the cloud environment, since the api call was invoked from Tor IP address - {MaliciousIp.MaliciousIp}.