Suspicious activity

Elastic IP address was transferred



Orca detected that an Elastic IP transfer request was successfully committed. This action may indicate of an IP hijack attempt of an unauthorized actor in the cloud environment, which can lead to DOS, lateral-movement or IP-takeover. An AWS Elastic IP is an allocated public and static IPv4 address that is accessible from the internet and can be associated with compute instances and network interfaces. A malicious actor can abuse the EIP transfer feature, that allows transferring EIPs between accounts, in order to take over a victim's public IP address. This IP address may be associated with critical services or sensitive network/firewall allow-lists, thus misusing it can cause severe damage in the face of Denial-Of-Service, Bypassing allow-lists and Conducting phishing attacks.