These threat actors have been then in the position to steal AWS session tokens, the non permanent keys that let you ask for non permanent qualifications to your employer??s AWS account. By hijacking active tokens, the attackers have been in the position to bypass MFA controls and attain access