Uncover gaps in your Microsoft Identity Security.
Book an identity exposure gap analysis today.
Back to all detections

AWS Root Credential Usage

AWS Root Credential Usage
Overview
Possible Root Causes
Example Scenarios
Business Impact
Steps to Investigate
MITRE ATT&CK Techniques
Related Detections
FAQ

Detection overview

Triggers

  • An action was taken by the root account.

Possible Root Causes

  • An attacker has compromised the root account and is using the unfettered access it grants to further their attack.
  • Administrators are using the root account for normal activities, which is against best practices and should not be done.

Business Impact

  • Malicious use of the root account indicates significant opportunity for negative impact to organizational assets, services, and data to include disruptive impact and sensitive data loss.
  • Misuse of the root account by admins for routine activities greatly elevates the risk of accidental damage or disruption.

Steps to Verify

  • Review the activity completed by the root account for indications of malicious activity.
  • Validate with the team responsible for administering AWS that they used the root account for an authorized activity.
AWS Root Credential Usage

Possible root causes

Malicious Detection

Benign Detection

AWS Root Credential Usage

Example scenarios

AWS Root Credential Usage

Business impact

If this detection indicates a genuine threat, the organization faces significant risks:

AWS Root Credential Usage

Steps to investigate

AWS Root Credential Usage

MITRE ATT&CK techniques covered

Valid Accounts

T1078
AWS Root Credential Usage

Related detections

No items found.

See our detections in action

Our interactive demo provides a deep dive into the advanced capabilities of our cybersecurity platform, showcasing real-time detection, comprehensive analysis, and proactive threat mitigation.

Don't just read about the possibilities – experience them.

Launch the free tour
Ask for a custom demo

FAQs