These threat actors had been then able to steal AWS session tokens, the momentary keys that let you request non permanent credentials in your employer??s AWS account. By hijacking active tokens, the attackers were being ready to bypass MFA controls and gain use of Secure Wallet ??s AWS account.