Short-term AWS access tokens allow attackers to linger for a longer while

Attackers usually gain access to an organization’s cloud assets by leveraging compromised user access tokens obtained via phishing, by using malware, or by finding them in public code repositories. These are long-term access tokens associated with an AWS IAM or federated users (i.e, users who have authenticated via a third-party identity platform). They grant users – whether legitimate or malicious ones – specific roles and privileges. If the permission level is high enough, this compromised … More →

The post …

access access management access tokens amazon web services assets attackers authentication aws cloud cloud security code code repositories compromised don't miss federated hot stuff iam malware organization phishing public red canary repositories tokens