Description
The AWS GuardDuty service detected API calls from a suspicious source address made with an administrative user. AWS GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity. The service detects one of the following types of IAM recon findings (Recon:IAMUser/MaliciousIPCaller, Recon:IAMUser/TorIPCaller) originating from a suspicious source (a known Tor exit node or an IP address included on a threat list) and using an AWS user with administrative permissions.
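One way to express the correlation described above, as an added example rather than the rule's own implementation: it filters findings shaped like GuardDuty `GetFindings` results by the listed finding types and keeps only those whose user is administrative. The `admin_users` set, the user names and the sample findings are assumptions constructed for illustration; how administrative permissions are resolved is not stated on this page.

```python
# Added example: correlate GuardDuty IAM recon findings with admin users.
from collections import defaultdict

# Finding types named in the description above.
RECON_TYPES = {
    "Recon:IAMUser/MaliciousIPCaller",
    "Recon:IAMUser/TorIPCaller",
}

def admin_recon_alerts(findings, admin_users):
    """Return one alert per (user, source IP) for matching findings.

    findings: dicts shaped like GuardDuty GetFindings results.
    admin_users: assumed input, user names already known to hold
    administrative permissions (resolved elsewhere, e.g. from IAM).
    """
    grouped = defaultdict(lambda: {"types": set(), "apis": set()})
    for f in findings:
        if f.get("Type") not in RECON_TYPES:
            continue
        user = f.get("Resource", {}).get("AccessKeyDetails", {}).get("UserName")
        if user not in admin_users:
            continue
        call = f.get("Service", {}).get("Action", {}).get("AwsApiCallAction", {})
        ip = call.get("RemoteIpDetails", {}).get("IpAddressV4", "unknown")
        entry = grouped[(user, ip)]
        entry["types"].add(f["Type"])
        if call.get("Api"):
            entry["apis"].add(call["Api"])
    return [
        {"user": u, "source_ip": ip, "types": sorted(v["types"]), "apis": sorted(v["apis"])}
        for (u, ip), v in sorted(grouped.items())
    ]

def _finding(ftype, user, ip, api):
    # Helper that builds a constructed sample finding.
    return {"Type": ftype,
            "Resource": {"AccessKeyDetails": {"UserName": user}},
            "Service": {"Action": {"AwsApiCallAction": {
                "Api": api, "RemoteIpDetails": {"IpAddressV4": ip}}}}}

# Constructed sample data (documentation IP ranges, made-up user names).
SAMPLE = [
    _finding("Recon:IAMUser/TorIPCaller", "ops-admin", "198.51.100.7", "ListUsers"),
    _finding("Recon:IAMUser/TorIPCaller", "ops-admin", "198.51.100.7", "ListRoles"),
    _finding("Recon:IAMUser/MaliciousIPCaller", "ci-readonly", "203.0.113.9", "ListBuckets"),
    _finding("UnauthorizedAccess:IAMUser/TorIPCaller", "ops-admin", "198.51.100.7", "GetUser"),
]

if __name__ == "__main__":
    for alert in admin_recon_alerts(SAMPLE, admin_users={"ops-admin"}):
        print(alert)
```

Grouping by user and source IP collapses repeated findings into a single alert that lists the APIs called, which gives the analyst the scope of the reconnaissance at a glance.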