AWS account closed

ID:aws_account_closed

Data type:AWS CloudTrail

Severity:

Informational

Description

AlphaSOC detected that an AWS account was closed using the CloseAccount action. This action permanently disables an AWS account, potentially leading to the loss of associated resources and data.

Impact

Threat actors may exploit this action to disrupt business operations, erase evidence, or sabotage an organization's AWS infrastructure. It can lead to irreparable damage and hinder incident response efforts.

Severity

Severity	Condition
Informational	AWS account closed

Investigation and Remediation

Review AWS CloudTrail logs to identify who performed the CloseAccount action and verify whether it was authorized. If unauthorized, contact AWS Support, conduct a comprehensive security audit, and revoke potentially compromised credentials to mitigate further damage.

Description​

Impact​

Severity​

Investigation and Remediation​

Description

Impact

Severity

Investigation and Remediation