Suspicious activity

User access key created from Tor IP address

Risk Level

Imminent Compromised (2)

Platform(s)

Description

Orca detected that a new AWS user access key was created from a tor IP address - {MaliciousIp.MaliciousIp}. This action may indicate of a presence of an unauthorized actor in the cloud environment which tries to implement persistence technique to the cloud environment via the user's access.

  • Recommended Mitigation

    It is recommended to review the permissions which were used to make this api call. In addition, review the actions of the affected user and delete the access key if it is possible.

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.