Create an Access Key on an IAM User
Platform: AWS
MITRE ATT&CK Tactics
- Persistence
- Privilege Escalation
Description
Establishes persistence by creating an access key on an existing IAM user.
Warm-up:
- Create an IAM user.
Detonation:
- Create an IAM access key on the user.
Instructions
Detection
Through CloudTrail's CreateAccessKey event. This event can hardly be considered suspicious by itself, unless correlated with other indicators.
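One way to add that correlation, as an added example that is not part of the original page: it keeps only successful CreateAccessKey records where the caller is not the user who owns the new key. That heuristic is an assumption about what counts as an indicator, and the records, user names and key IDs are constructed sample data.

```python
# Added example: triage CloudTrail CreateAccessKey records (constructed sample data).
def ev(identity, target, key_id, error=None):
    """Build a constructed, minimal CloudTrail record for the sample set."""
    return {
        "eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey",
        "errorCode": error, "userIdentity": identity,
        "requestParameters": {"userName": target} if target else None,
        "responseElements": None if error else
            {"accessKey": {"userName": target or identity["userName"], "accessKeyId": key_id}},
    }

ALICE = {"type": "IAMUser", "userName": "alice", "arn": "arn:aws:iam::111122223333:user/alice"}
ROLE = {"type": "AssumedRole", "arn": "arn:aws:sts::111122223333:assumed-role/ci/session"}

SAMPLE_EVENTS = [
    ev(ALICE, None, "AKIAEXAMPLE0000000001"),         # own key, no UserName passed
    ev(ALICE, "bob", "AKIAEXAMPLE0000000002"),        # key on another user
    ev(ROLE, "svc-backup", "AKIAEXAMPLE0000000003"),  # role creates a user key
    ev(ROLE, "admin", None, error="AccessDenied"),    # failed call, no key issued
]

def triage_create_access_key(events):
    """Return successful CreateAccessKey calls where the caller is not the key owner."""
    findings = []
    for e in events:
        if (e.get("eventSource"), e.get("eventName")) != ("iam.amazonaws.com", "CreateAccessKey"):
            continue
        if e.get("errorCode"):
            continue  # denied or failed: no credential was created
        ident = e.get("userIdentity") or {}
        key = (e.get("responseElements") or {}).get("accessKey") or {}
        target = key.get("userName") or (e.get("requestParameters") or {}).get("userName")
        actor = ident.get("userName") if ident.get("type") == "IAMUser" else None
        if actor is not None and actor == target:
            continue  # user managing their own key: lowest-signal case
        reason = ("caller is a %s, not the key owner" % ident.get("type")) if actor is None \
            else "IAM user created a key on a different user"
        findings.append({"actor": ident.get("arn"), "target": target,
                         "access_key_id": key.get("accessKeyId"), "reason": reason})
    return findings

if __name__ == "__main__":
    for f in triage_create_access_key(SAMPLE_EVENTS):
        print(f)
```

The findings are triage candidates, not verdicts: administrative roles that legitimately provision user keys will appear and need an allowlist or further correlation.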