These threat actors have been then able to steal AWS session tokens, the momentary keys that help you request momentary credentials to the employer??s AWS account. By hijacking active tokens, the attackers have been able to bypass MFA controls and achieve access to Protected Wallet ??s AWS acco