Tag
Adversaries leveraging compromised user credentials can perform a suspicious AWS STS AssumeRoot action by a rarely observed user and member account combination to escalate privileges and gain unauthorized access to AWS resources, potentially leading to data exfiltration or resource manipulation.