Suspicious activity

User managed policy attached from malicious IP address

Risk Level

Hazardous (3)

Platform(s)

Description

Orca detected that a managed policy was successfully attached to a user. The operation was called from a malicious IP address, {MaliciousIp.MaliciousIp}, which might indicate a privilege escalation attempt. An attacker with permission to attach policies can attach a policy to entities under their control.
Recommended Mitigation

It is recommended to review the permissions that were used to make this API call. In addition, review the actions of the affected user and remove the policy if possible.
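
One way to triage this alert from raw logs, as an added example (not Orca's detection logic): it assumes AWS CloudTrail, where attaching a managed policy to a user is recorded as `AttachUserPolicy`. The events, the IP list and all function names are constructed for illustration.

```python
import ipaddress

# Constructed threat-intel list (RFC 5737 documentation addresses), an assumption.
MALICIOUS_NETS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32")]

def _event(name, ip, caller, target, policy, error=None):
    """Build a constructed CloudTrail-style record with only the fields used here."""
    ev = {"eventName": name, "sourceIPAddress": ip,
          "userIdentity": {"arn": caller},
          "requestParameters": {"userName": target, "policyArn": policy}}
    if error:
        ev["errorCode"] = error
    return ev

ADMIN = "arn:aws:iam::aws:policy/AdministratorAccess"
CI = "arn:aws:iam::111122223333:user/dev-ci"  # constructed account and user
SAMPLE_EVENTS = [
    _event("AttachUserPolicy", "203.0.113.50", CI, "dev-ci", ADMIN),
    _event("AttachUserPolicy", "203.0.113.50", CI, "alice", ADMIN, error="AccessDenied"),
    _event("AttachUserPolicy", "192.0.2.10", CI, "bob", ADMIN),
    _event("DetachUserPolicy", "198.51.100.7", CI, "dev-ci", ADMIN),
    _event("AttachUserPolicy", "cloudformation.amazonaws.com", CI, "carol", ADMIN),
]

def is_malicious(ip):
    """True if ip parses as an address inside a listed network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # sourceIPAddress can be an AWS service name, not an IP
    return any(addr in net for net in MALICIOUS_NETS)

def find_suspicious_attachments(events):
    """Successful AttachUserPolicy calls whose source IP is on the list."""
    findings = []
    for ev in events:
        if ev.get("eventName") != "AttachUserPolicy" or "errorCode" in ev:
            continue  # other API call, or the attach failed
        if not is_malicious(ev.get("sourceIPAddress", "")):
            continue
        caller = (ev.get("userIdentity") or {}).get("arn", "")
        params = ev.get("requestParameters") or {}
        target = params.get("userName")
        findings.append({
            "caller": caller, "target_user": target,
            "policy_arn": params.get("policyArn"),
            "source_ip": ev["sourceIPAddress"],
            # Caller granting a policy to itself: the escalation pattern described above.
            "self_attached": ":user/" in caller and caller.rsplit("/", 1)[-1] == target,
        })
    return findings
```

Each finding names the caller whose permissions need review, the affected user, and the policy ARN to detach.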