Tag
Adversaries leverage a compromised AWS EC2 instance's assumed IAM role to create new, unauthorized IAM users, establishing persistence within the AWS environment by granting themselves persistent access even after the initial compromise is remediated.