These threat actors had been then capable to steal AWS session tokens, the short-term keys that permit you to ask for non permanent credentials towards your employer??s AWS account. By hijacking active tokens, the attackers were ready to bypass MFA controls and achieve access to Secure Wallet ?