Suspicious activity

User access key created from malicious IP address

Risk Level

Imminent Compromised (2)

Platform(s)
  • N/A

Description

Orca detected that a new AWS user access key was created from a malicious IP address. This action may indicate the presence of an unauthorized actor in the cloud environment who is trying to establish persistence through the user's access.
  • Recommended Mitigation

    Review the permissions that were used to make this API call. In addition, review the actions of the affected user and delete the access key if possible.
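
One way to express this detection, as an added example that is not Orca's own logic. It assumes the events are AWS CloudTrail `CreateAccessKey` records and that the flagged networks in `BAD_NETWORKS` come from a threat-intelligence feed; the helper `make_event`, the sample records, account ID, key IDs and IP addresses are all constructed.

```python
import ipaddress

# Assumption: networks flagged by a threat-intelligence feed (constructed, RFC 5737 ranges).
BAD_NETWORKS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32")]

def is_malicious(source):
    """True if source parses as an IP address inside a flagged network."""
    try:
        ip = ipaddress.ip_address(source)
    except ValueError:  # calls made by AWS services carry a DNS name, not an IP
        return False
    return any(ip in net for net in BAD_NETWORKS)

def find_suspicious_keys(events):
    """Return one finding per access key successfully created from a flagged IP."""
    findings = []
    for ev in events:
        if (ev.get("eventSource"), ev.get("eventName")) != ("iam.amazonaws.com", "CreateAccessKey"):
            continue
        if ev.get("errorCode"):  # denied or failed call, so no key exists
            continue
        if not is_malicious(ev.get("sourceIPAddress", "")):
            continue
        # responseElements names the key and its owner, even when the caller omitted userName
        key = (ev.get("responseElements") or {}).get("accessKey") or {}
        findings.append({"caller": ev.get("userIdentity", {}).get("arn"),
                         "key_owner": key.get("userName"), "access_key_id": key.get("accessKeyId"),
                         "source_ip": ev["sourceIPAddress"]})
    return findings

def make_event(ip, key_id=None, name="CreateAccessKey", error=None):
    """Constructed CloudTrail record, trimmed to the fields the check reads."""
    key = {"userName": "svc-backup", "accessKeyId": key_id} if key_id else None
    ev = {"eventSource": "iam.amazonaws.com", "eventName": name, "sourceIPAddress": ip,
          "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
          "responseElements": {"accessKey": key} if key else None}
    if error:
        ev["errorCode"] = error
    return ev

SAMPLE_EVENTS = [  # constructed records
    make_event("203.0.113.45", "AKIAEXAMPLE000000001"),  # flagged IP, key created
    make_event("192.0.2.10", "AKIAEXAMPLE000000002"),    # IP not on the list
    make_event("198.51.100.7", error="AccessDenied"),    # flagged IP, call denied
    make_event("cloudformation.amazonaws.com", "AKIAEXAMPLE000000003"),  # AWS service caller
    make_event("203.0.113.45", name="ListAccessKeys"),   # flagged IP, different API call
]

if __name__ == "__main__":
    for finding in find_suspicious_keys(SAMPLE_EVENTS):
        print(finding)
```

Each finding carries the caller, the key owner and the access key ID, which are the items the mitigation says to review and, if possible, delete.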