These threat actors had been then in a position to steal AWS session tokens, the short term keys that enable you to ask for short term qualifications to the employer??s AWS account. By hijacking Energetic tokens, the attackers were able to bypass MFA controls and achieve usage of Secure Wallet