Suspicious activity

User access key created from Tor IP address

Risk Level

Imminent Compromised (2)



Orca detected that a new AWS user access key was created from a tor IP address - {MaliciousIp.MaliciousIp}. This action may indicate of a presence of an unauthorized actor in the cloud environment which tries to implement persistence technique to the cloud environment via the user's access.
  • Recommended Mitigation

    It is recommended to review the permissions which were used to make this api call. In addition, review the actions of the affected user and delete the access key if it is possible.