These danger actors had been then in the position to steal AWS session tokens, the non permanent keys that permit you to ask for momentary credentials to your employer??s AWS account. By hijacking active tokens, the attackers ended up able to bypass MFA controls and get usage of Safe and sound