Use of an AWS IAM access key that was unused for a long period
Description
AlphaSOC detected that an AWS IAM access key that was unused for an extended period was unexpectedly used. This activity could indicate that a dormant access key has been discovered and exploited by a threat actor.
Impact
The unexpected use of a long-dormant access key may signify a security breach, potentially granting unauthorized access to sensitive AWS resources. This could lead to data breaches, resource misuse, or further compromise of the AWS environment.
Severity
| Severity | Condition |
|---|---|
| Medium | Use of an AWS IAM access key that was unused for a long period |
Investigation and Remediation
Review AWS CloudTrail logs and verify whether the use of the dormant access key was authorized. If unauthorized, deactivate the key, rotate potentially compromised credentials, and perform a security audit of the AWS environment for other signs of compromise.
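
One way to run the CloudTrail review described above, as an added example that is not AlphaSOC's detection logic: it flags each event that ends a long idle gap for a long-term (`AKIA`) access key. The 90-day threshold, the function names and the sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumption: the page does not say how long "a long period" is; 90 days is used here.
DORMANCY_THRESHOLD = timedelta(days=90)

def _rec(time, key, name, ip):
    """Build a constructed record using real CloudTrail field names."""
    return {"eventTime": time, "eventName": name, "sourceIPAddress": ip,
            "userIdentity": {"accessKeyId": key}}

# Constructed sample events (placeholder key IDs, documentation IP ranges).
SAMPLE_RECORDS = [
    _rec("2024-01-05T10:00:00Z", "AKIAEXAMPLEDORMANT01", "ListBuckets", "198.51.100.10"),
    _rec("2024-01-06T10:00:00Z", "AKIAEXAMPLEDORMANT01", "GetObject", "198.51.100.10"),
    _rec("2024-07-01T08:00:00Z", "AKIAEXAMPLEACTIVE002", "DescribeInstances", "198.51.100.20"),
    _rec("2024-07-20T08:00:00Z", "AKIAEXAMPLEACTIVE002", "DescribeInstances", "198.51.100.20"),
    _rec("2024-08-01T10:00:00Z", "AKIAEXAMPLEDORMANT01", "GetCallerIdentity", "203.0.113.77"),
    _rec("2024-08-01T10:05:00Z", "AKIAEXAMPLEDORMANT01", "ListUsers", "203.0.113.77"),
    _rec("2024-01-01T00:00:00Z", "ASIAEXAMPLETEMPORARY", "ListBuckets", "198.51.100.30"),
    _rec("2024-12-01T00:00:00Z", "ASIAEXAMPLETEMPORARY", "ListBuckets", "198.51.100.30"),
]

def parse_time(value):
    """Parse a CloudTrail eventTime (UTC, ISO 8601 with a trailing Z)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def find_dormant_key_use(records, threshold=DORMANCY_THRESHOLD):
    """Return one finding per event that ends an idle gap longer than `threshold`."""
    last_seen, findings = {}, []
    for rec in sorted(records, key=lambda r: parse_time(r["eventTime"])):
        key_id = rec.get("userIdentity", {}).get("accessKeyId", "")
        if not key_id.startswith("AKIA"):
            continue  # skip temporary STS credentials (ASIA...) and keyless events
        when, previous = parse_time(rec["eventTime"]), last_seen.get(key_id)
        if previous is not None and when - previous > threshold:
            findings.append({"accessKeyId": key_id,
                             "idle_days": (when - previous).days,
                             "last_used_before": previous.isoformat(),
                             "eventTime": rec["eventTime"],
                             "eventName": rec["eventName"],
                             "sourceIPAddress": rec["sourceIPAddress"]})
        last_seen[key_id] = when
    return findings

if __name__ == "__main__":
    for finding in find_dormant_key_use(SAMPLE_RECORDS):
        print(finding)
```

A key whose earlier use falls outside the supplied records is not flagged, so the log window fed to this function must be longer than the threshold.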