First observed external IP abusing stolen Jenkins instance role credentials for cloud reconnaissance and IAM privilege escalation