These threat actors ended up then in the position to steal AWS session tokens, the non permanent keys that let you request temporary credentials to the employer??s AWS account. By hijacking Energetic tokens, the attackers have been in a position to bypass MFA controls and attain use of Harmless