Key Findings * UNC6426 breached a victim's cloud environment within 72 hours * Supply chain attack compromised nx npm package in August 2025 * Stolen GitHub token used to gain unauthorized cloud access * Threat actor created new AWS administrator role * Exfiltrated data from S3 buckets and destroyed production environments * AI-assisted attack leveraged LLM tools for credential theft Background The incident originated from a supply chain vulnerability in the nx npm package di
