These threat actors ended up then capable of steal AWS session tokens, the non permanent keys that let you ask for momentary credentials on your employer??s AWS account. By hijacking active tokens, the attackers ended up able to bypass MFA controls and achieve access to Harmless Wallet ??s AWS account. By timing their attempts to coincide with the