These risk actors have been then in a position to steal AWS session tokens, the temporary keys that help you request short-term credentials to your employer??s AWS account. By hijacking active tokens, the attackers were in a position to bypass MFA controls and acquire access to Secure Wallet ??s AWS account. By timing their initiatives to coincide