Orca detected that a user was added to a group from a malicious IP address - {MaliciousIp.MaliciousIp}, the operation was successful. The operation was called from a malicious IP address - {MaliciousIp.MaliciousIp}, which might indicate of a privilege escalation attempt. An attacker with permissions to add users to groups, can add permissions to entities which are in his control.
Recommended Mitigation
It is recommended to review the permissions which were used to make this api call. In addition, review the actions of the affected user and remove it from the group in if it is possible.