Suspicious activity

Exposed aws access key was used in attempt to login to console

Platform(s)

Description

Orca detected that an exposed AWS access key was used in attempt to login to aws console. This action may indicate of a presence of an unauthorized actor in the cloud environment, since the AWS credentials conducting the action has been exposed and compromised. The operation to login to aws console failed. AWS proactively monitors popular code repository sites for exposed AWS Identity and Access Management (IAM) access keys. On detection of an exposed IAM access key, a policy named 'AWSExposedCredentialPolicy_DO_NOT_REMOVE' is assigned to the IAM user in order to notify on the leaked access key. A login profile is created when you create a password for the IAM user to access the Amazon Web Services Management Console. Thus, by creating a new login profile for an existing IAM user, it allows to access the Amazon Web Services Management Console with the user's level of access.
Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.