Suspicious activity

Exposed AWS access key was used in attempt to create access key

Risk Level

Imminent Compromised (2)

Platform(s)
  • N/A

Description

Orca detected that an exposed aws access key was used in attempt to create a new access key, the operation was not successful. This action may indicate of a presence of an unauthorized actor in the cloud environment. An attacker with an initial foothold, might try to create a new access key to ensure a persistence access to the cloud environment.
  • Recommended Mitigation

    It is recommended to rotate the exposed aws access key immediately and to review if the access key creation is a legitimate action.