Suspicious activity

Create snapshot API call was made from Tor IP address

Risk Level

Hazardous (3)

  • N/A


Orca detected a CreateSnapshot operation attempt. The operation was called from a tor IP address, which might indicate of an exfiltration attempt. An attacker with permissions to create snapshots can expose sensitive data using snapshots creation. There snapshots can be shared between different AWS accounts.
  • Recommended Mitigation

    It is recommended to review the permissions which were used to make this api call.