Create a Login Profile on an IAM User
MITRE ATT&CK Tactics
- Privilege Escalation
Establishes persistence by creating a Login Profile on an existing IAM user. This allows an attacker to access an IAM user intended to be used programmatically through the AWS console usual login process.
- Create an IAM user
- Create an IAM Login Profile on the user
In particular, it's suspicious when these events occur on IAM users intended to be used programmatically.