
UNC6426's Rapid Escalation: From npm Malware to AWS Admin in 72 Hours

  • Mar 11

Key Findings


* UNC6426 went from a poisoned npm install on a developer machine to full administrator control of the victim's AWS environment within 72 hours


* Supply chain attack compromised nx npm package in August 2025


* A stolen GitHub Personal Access Token (PAT) was the bridge from the endpoint to CI/CD secrets and from there to cloud access


* Threat actor created new AWS administrator role


* Exfiltrated data from S3 buckets and destroyed production environments


* AI-assisted attack leveraged LLM tools for credential theft


Background


The incident traces back to the August 2025 supply chain compromise of the nx npm package. The attackers exploited a vulnerable pull_request_target GitHub Actions workflow in the Nx repository to obtain elevated privileges and access sensitive data, including the credentials needed to publish trojanized versions of the package. Developers using the Nx Console plugin were exposed in particular, and the initial foothold on each victim machine came from a malicious postinstall script that ran at package install time.


Initial Compromise Mechanism


The trojanized package embedded a JavaScript credential stealer tracked as QUIETVAULT. Rather than carrying its own secret-hunting logic, it invoked a Large Language Model (LLM) command-line tool already installed on the endpoint and prompted it in natural language to locate and return sensitive material: environment variables, system details and GitHub Personal Access Tokens (PATs). The practical consequence is that a dependency's install hook, not the application code, is where the compromise happens, so the package manager's handling of lifecycle scripts is the first control that matters.
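As an added check (example code written for this page, not code from the original post, from Nx or from the malware itself), the following audits an installed node_modules tree for packages that declare install-time hooks and, when a hook runs a local script file, greps that file for the shape of the QUIETVAULT technique: spawning a local AI CLI and talking to the GitHub API. The sample tree it builds is constructed for the demo; the package names, the file name telemetry.js and the indicator patterns are assumptions, not the real trojanized package.

```python
"""Audit installed npm packages for lifecycle install hooks.

Added example, not code from the original page or from the Nx project.
Walks a node_modules tree, reports every package that declares an
install-time hook, and when the hook runs a local script file, checks
that file for indicators of a prompt-driven secret stealer. The sample
tree from build_sample_tree() is constructed for the demo.
"""
import json
import os
import re
import tempfile

INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Indicator patterns (assumed for this example): a local AI assistant CLI
# being spawned, the GitHub API being contacted, and environment or home
# directory access from an install hook.
SUSPICIOUS_PATTERNS = {
    "spawns_ai_cli": re.compile(r"\b(claude|gemini|q)\b"),
    "github_api": re.compile(r"api\.github\.com"),
    "reads_env_or_home": re.compile(r"process\.env|os\.homedir|~/\.ssh"),
}


def find_install_hooks(node_modules):
    """Return (package, hook, command, package_dir) for every install-time hook."""
    hits = []
    for root, _dirs, files in os.walk(node_modules):
        if "package.json" not in files:
            continue
        try:
            with open(os.path.join(root, "package.json"), encoding="utf-8") as fh:
                meta = json.load(fh)
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip, do not crash the audit
        scripts = meta.get("scripts") or {}
        for hook in INSTALL_HOOKS:
            if hook in scripts:
                hits.append((meta.get("name", root), hook, scripts[hook], root))
    return hits


def indicators_for(command, pkg_dir):
    """Names of the indicator patterns matched by a hook command or its script file."""
    text = command
    # 'node some-file.js' hooks hide the real logic in the file: pull it in too.
    m = re.match(r"^\s*node\s+([\w./-]+\.js)", command)
    if m:
        path = os.path.join(pkg_dir, m.group(1))
        if os.path.isfile(path):
            with open(path, encoding="utf-8", errors="replace") as fh:
                text += "\n" + fh.read()
    return sorted(name for name, rx in SUSPICIOUS_PATTERNS.items() if rx.search(text))


def audit(node_modules):
    """Map package name -> {hook, command, indicators} for packages with install hooks."""
    report = {}
    for name, hook, command, pkg_dir in find_install_hooks(node_modules):
        report[name] = {"hook": hook, "command": command,
                        "indicators": indicators_for(command, pkg_dir)}
    return report


def build_sample_tree():
    """Constructed node_modules: one clean package, one with a stealer-style hook."""
    base = tempfile.mkdtemp()
    nm = os.path.join(base, "node_modules")
    os.makedirs(os.path.join(nm, "left-pad"))
    with open(os.path.join(nm, "left-pad", "package.json"), "w", encoding="utf-8") as fh:
        json.dump({"name": "left-pad", "version": "1.0.0"}, fh)
    os.makedirs(os.path.join(nm, "evil-build-tool"))
    with open(os.path.join(nm, "evil-build-tool", "package.json"), "w", encoding="utf-8") as fh:
        json.dump({"name": "evil-build-tool", "version": "9.9.9",
                   "scripts": {"postinstall": "node telemetry.js"}}, fh)
    with open(os.path.join(nm, "evil-build-tool", "telemetry.js"), "w", encoding="utf-8") as fh:
        fh.write(
            "// constructed stand-in for a prompt-driven stealer, not the real sample\n"
            "const { spawnSync } = require('child_process');\n"
            "const r = spawnSync('claude', ['-p', 'list files that contain secrets']);\n"
            "fetch('https://api.github.com/user/repos', { method: 'POST',\n"
            "  headers: { Authorization: 'token ' + process.env.GITHUB_TOKEN } });\n")
    return nm


if __name__ == "__main__":
    for pkg, info in audit(build_sample_tree()).items():
        print(f"{pkg}: {info['hook']} -> {info['command']!r} indicators={info['indicators']}")
```

Run it against a real checkout with `audit("./node_modules")`. Any package that shows up deserves a look; one whose hook script matches several indicators at once is the pattern this incident exhibited. A clean install with `ignore-scripts=true` in .npmrc sidesteps the hook entirely, at the cost of breaking packages that legitimately need one.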


Reconnaissance and Lateral Movement


Two days after the initial compromise, UNC6426 used a stolen PAT together with Nord Stream, an open-source tool for extracting secrets from CI/CD pipelines, to harvest the victim's pipeline secrets. Among them was a GitHub service account able to obtain temporary AWS Security Token Service (STS) credentials, which gave the actor a foothold in the victim's AWS environment. At this point nothing had been "exploited" in AWS: the actor was simply using the CI/CD identity the pipeline was already trusted with.


Privilege Escalation


The actor then abused an overly permissive GitHub-Actions-CloudFormation role to deploy a new CloudFormation stack. The stack had a single purpose: create a new IAM role with full administrator access. That one deployment turned a stolen token into complete control of the cloud environment. The caveat for defenders is that any principal allowed to deploy stacks that create IAM resources (iam:CreateRole plus iam:AttachRolePolicy or iam:PutRolePolicy, with no permissions boundary enforced) is an administrator in all but name, whatever its role is called.
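The following is an added example (not the page's code, and not the victim's templates or policies) of two checks a practitioner would run for this escalation path: a static check of a CloudFormation template for IAM roles that would be admin-equivalent, and a check of a deployer role's policy for whether it can create or attach roles without being forced to apply a permissions boundary. The weak policy is shown beside a hardened form. The account ID, the role name prefix app-*, the policy name DevBoundary and the stack contents are assumptions constructed for the demo.

```python
"""Static checks for the CloudFormation -> admin IAM role escalation path.

Added example, not code from the original page or from the victim.
All templates and policies below are constructed for the demo; the
account ID, role naming and boundary policy name are assumptions.
"""
ADMIN_POLICY = "arn:aws:iam::aws:policy/AdministratorAccess"
# Actions that let a principal mint a new privileged role (lower-cased for matching).
ROLE_MINTING = {"iam:createrole", "iam:attachrolepolicy", "iam:putrolepolicy", "iam:*", "*"}


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _grants_admin(statement):
    """True if an inline policy statement allows everything (or all of IAM) on everything."""
    if statement.get("Effect") != "Allow":
        return False
    actions = {a.lower() for a in _as_list(statement.get("Action", []))}
    resources = set(_as_list(statement.get("Resource", [])))
    return ("*" in actions or "iam:*" in actions) and "*" in resources


def find_admin_roles(template):
    """Logical names of AWS::IAM::Role resources in a template that would be admin-equivalent."""
    found = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::Role":
            continue
        props = res.get("Properties", {})
        managed = set(props.get("ManagedPolicyArns", []))
        inline = [s for p in props.get("Policies", [])
                  for s in _as_list(p.get("PolicyDocument", {}).get("Statement", []))]
        if ADMIN_POLICY in managed or any(_grants_admin(s) for s in inline):
            found.append(name)
    return found


def allows_unbounded_role_creation(policy):
    """True if a deployer policy lets the principal create/attach roles without
    a Condition on iam:PermissionsBoundary, i.e. it can mint an unrestricted admin role."""
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        actions = {a.lower() for a in _as_list(st.get("Action", []))}
        if not (actions & ROLE_MINTING):
            continue
        cond = st.get("Condition", {})
        bounded = any("iam:PermissionsBoundary" in v for v in cond.values())
        if not bounded:
            return True
    return False


# Constructed stand-in for the stack the actor deployed: one resource, an admin role.
ATTACKER_STACK = {
    "Resources": {
        "BackdoorAdmin": {
            "Type": "AWS::IAM::Role",
            "Properties": {
                "AssumeRolePolicyDocument": {"Statement": [{
                    "Effect": "Allow",
                    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
                    "Action": "sts:AssumeRole"}]},
                "ManagedPolicyArns": [ADMIN_POLICY],
            },
        }
    }
}

# Assumed shape of an "overly permissive" deployer role: CloudFormation plus all of IAM.
WEAK_DEPLOYER_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": ["cloudformation:*", "iam:*"], "Resource": "*"}]}

# Hardened form: role creation is allowed only for a name prefix and only when the
# new role carries the DevBoundary permissions boundary, so a stack written by an
# attacker cannot produce a role more powerful than that boundary permits.
HARDENED_DEPLOYER_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": "cloudformation:*", "Resource": "*"},
    {"Effect": "Allow",
     "Action": ["iam:CreateRole", "iam:AttachRolePolicy", "iam:PutRolePolicy"],
     "Resource": "arn:aws:iam::111122223333:role/app-*",
     "Condition": {"StringEquals": {
         "iam:PermissionsBoundary": "arn:aws:iam::111122223333:policy/DevBoundary"}}}]}


if __name__ == "__main__":
    print("admin-equivalent roles in stack:", find_admin_roles(ATTACKER_STACK))
    print("weak deployer can mint unbounded roles:", allows_unbounded_role_creation(WEAK_DEPLOYER_POLICY))
    print("hardened deployer can mint unbounded roles:", allows_unbounded_role_creation(HARDENED_DEPLOYER_POLICY))
```

The template check belongs in the pipeline before any stack is deployed; the policy check belongs in a periodic review of every role a CI/CD identity can assume. The boundary condition only helps if the deployer also lacks iam:DeleteRolePermissionsBoundary and iam:PutRolePermissionsBoundary, which the hardened policy above does not grant.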


Impact and Destructive Actions


With full administrator permissions, UNC6426 conducted multiple malicious activities:


* Enumerated and accessed S3 bucket objects


* Terminated production EC2 and RDS instances


* Decrypted application keys


* Renamed all internal GitHub repositories and made them public


Mitigation Recommendations


* Use a package manager configuration that blocks dependency lifecycle scripts (for example npm's ignore-scripts setting, or a package manager that refuses to run install scripts unless the package is explicitly allow-listed), so a postinstall hook cannot execute on install


* Apply the principle of least privilege to CI/CD service accounts; in particular, a deployer role that can create IAM roles without an enforced permissions boundary is an administrator in all but name


* Enforce fine-grained PATs scoped to the repositories and permissions they need, with short expiration windows


* Remove standing privileges for high-risk actions such as IAM role creation in favour of just-in-time, approved access


* Monitor for anomalous IAM activity, for example a CI principal creating a role and attaching AdministratorAccess to it minutes later


* Inventory and control AI command-line tools on developer endpoints (shadow AI), since the attack depended on such a tool already being present to do the credential hunting

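To make the monitoring recommendation concrete, here is an added example (not code from the page, and not a vendor's detection rule) that runs over CloudTrail records and alerts when one session creates a role and attaches AdministratorAccess to it within a short window, flagging the case where the calls were made by CloudFormation on behalf of a CI principal. The records are constructed for the demo; the account ID, role names, timestamps and the GitHubActions naming convention used to recognise CI identities are assumptions.

```python
"""Detect CreateRole -> AttachRolePolicy(AdministratorAccess) from CloudTrail.

Added example, not code from the original page. The CloudTrail records
in SAMPLE_EVENTS are constructed for the demo; account ID, role names,
timestamps and the CI naming convention are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

ADMIN_POLICY = "arn:aws:iam::aws:policy/AdministratorAccess"
CI_MARKERS = ("GitHubActions", "github-actions")  # assumed naming convention for CI roles


def _ts(event):
    return datetime.strptime(event["eventTime"], "%Y-%m-%dT%H:%M:%SZ")


def _is_ci(arn):
    return any(marker in arn for marker in CI_MARKERS)


def detect_role_minting(events, window=timedelta(minutes=30)):
    """Alert on sessions that create a role and attach AdministratorAccess to it within `window`."""
    by_session = defaultdict(list)
    for ev in events:
        by_session[ev["userIdentity"].get("arn", "")].append(ev)
    alerts = []
    for arn, evs in by_session.items():
        evs.sort(key=_ts)
        created = {}  # roleName -> the CreateRole event that produced it
        for ev in evs:
            params = ev.get("requestParameters") or {}
            if ev["eventName"] == "CreateRole":
                created[params.get("roleName")] = ev
            elif ev["eventName"] == "AttachRolePolicy" and params.get("policyArn") == ADMIN_POLICY:
                origin = created.get(params.get("roleName"))
                if origin and _ts(ev) - _ts(origin) <= window:
                    # userIdentity.invokedBy is set when a service (here CloudFormation)
                    # made the IAM call on the caller's behalf.
                    via_cfn = ev["userIdentity"].get("invokedBy") == "cloudformation.amazonaws.com"
                    alerts.append({
                        "actor": arn,
                        "role": params["roleName"],
                        "via_cloudformation": via_cfn,
                        "ci_principal": _is_ci(arn),
                        "severity": "critical" if _is_ci(arn) else "high",
                        "seconds_between": int((_ts(ev) - _ts(origin)).total_seconds()),
                    })
    return alerts


ACCOUNT = "111122223333"  # assumed
CI_ARN = f"arn:aws:sts::{ACCOUNT}:assumed-role/GitHubActionsCloudFormationRole/GitHubActions"
HUMAN_ARN = f"arn:aws:iam::{ACCOUNT}:user/alice"

# Constructed records: a CI session deploying a stack that mints an admin role,
# followed by an unrelated human creating a read-only role.
SAMPLE_EVENTS = [
    {"eventTime": "2025-08-28T14:02:10Z", "eventSource": "cloudformation.amazonaws.com",
     "eventName": "CreateStack", "userIdentity": {"type": "AssumedRole", "arn": CI_ARN},
     "requestParameters": {"stackName": "infra-cleanup"}},
    {"eventTime": "2025-08-28T14:02:31Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateRole",
     "userIdentity": {"type": "AssumedRole", "arn": CI_ARN, "invokedBy": "cloudformation.amazonaws.com"},
     "requestParameters": {"roleName": "BackdoorAdmin"}},
    {"eventTime": "2025-08-28T14:02:33Z", "eventSource": "iam.amazonaws.com",
     "eventName": "AttachRolePolicy",
     "userIdentity": {"type": "AssumedRole", "arn": CI_ARN, "invokedBy": "cloudformation.amazonaws.com"},
     "requestParameters": {"roleName": "BackdoorAdmin", "policyArn": ADMIN_POLICY}},
    {"eventTime": "2025-08-28T15:10:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateRole", "userIdentity": {"type": "IAMUser", "arn": HUMAN_ARN},
     "requestParameters": {"roleName": "app-reader"}},
    {"eventTime": "2025-08-28T15:10:05Z", "eventSource": "iam.amazonaws.com",
     "eventName": "AttachRolePolicy", "userIdentity": {"type": "IAMUser", "arn": HUMAN_ARN},
     "requestParameters": {"roleName": "app-reader",
                           "policyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess"}},
]


if __name__ == "__main__":
    for alert in detect_role_minting(SAMPLE_EVENTS):
        print(alert)
```

The session key is userIdentity.arn, so a human and a CI role creating roles in the same minute are evaluated separately. Feed it real records by loading the CloudTrail JSON and passing the "Records" list; the same logic works for inline policies by additionally matching PutRolePolicy whose policy document grants "*" on "*".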

Broader Implications


The incident highlights an emerging pattern of AI-assisted supply chain attacks, in which the malicious logic is expressed as natural-language prompts to an AI tool already on the machine rather than as explicit code in the payload. Signature-based detection has little to match on, and every AI assistant integrated into a developer workflow becomes a capability the attacker can borrow.


Sources


  • https://thehackernews.com/2026/03/unc6426-exploits-nx-npm-supply-chain.html

  • https://bulletproofservers.hk/blog/how-unc6426-went-from-nx-npm-malware-to-aws-admin-in-72-hours/

  • https://x.com/shah_sheikh/status/2031650917385457763

  • https://www.reddit.com/r/pwnhub/comments/1rqsiq2/unc6426_exploits_nx_npm_supplychain_attack_to/

  • https://www.techjuice.pk/hackers-exploit-npm-supply-chain-to-gain-aws-admin-access/

© 2025 by Explain IT Again.