Suspicious activity

Exposed AWS access key was used in attempt to create access key

Risk Level

Imminent Compromised (2)

Platform(s)

Description

Orca detected that an exposed aws access key was used in attempt to create a new access key, the operation was not successful. This action may indicate of a presence of an unauthorized actor in the cloud environment. An attacker with an initial foothold, might try to create a new access key to ensure a persistence access to the cloud environment.
  • Recommended Mitigation

    It is recommended to rotate the exposed aws access key immediately and to review if the access key creation is a legitimate action.