Exposed AWS access key was used in attempt to create access key
Suspicious activity
Exposed AWS access key was used in attempt to create access key
Risk Level
Imminent Compromised (2)
Platform(s)
Description
Orca detected that an exposed aws access key was used in attempt to create a new access key, the operation was not successful. This action may indicate of a presence of an unauthorized actor in the cloud environment. An attacker with an initial foothold, might try to create a new access key to ensure a persistence access to the cloud environment.
Recommended Mitigation
It is recommended to rotate the exposed aws access key immediately and to review if the access key creation is a legitimate action.