These menace actors have been then in a position to steal AWS session tokens, the short term keys that let you request non permanent qualifications in your employer??s AWS account. By hijacking active tokens, the attackers were being capable to bypass MFA controls and obtain access to Harmless