A sophisticated cyberattack orchestrated by threat actor UNC6426 has successfully compromised a victim's cloud environment, granting them full AWS administrator access within a mere 72 hours. The breach was initiated by exploiting a vulnerability in the nx npm package, a supply chain attack that began in August 2025. This incident underscores the growing threat of AI-assisted attacks and the critical need for robust security measures in software development pipelines.

Key Takeaways

• Rapid Escalation: UNC6426 escalated from a stolen GitHub token to full AWS administrator privileges in under 72 hours.

• AI-Assisted Attack: The malware utilized an existing LLM tool on the developer's endpoint to scan for sensitive information, marking a new frontier in AI-assisted cyber threats.

• Supply Chain Compromise: The attack leveraged a compromised nx npm package, highlighting the vulnerabilities in third-party dependencies.

• Data Exfiltration and Destruction: The attackers exfiltrated data from S3 buckets and performed destructive actions on production environments.

The Attack Vector

The attack commenced with the theft of a developer's GitHub token, a critical first step that provided UNC6426 with unauthorized access. This initial compromise was a direct result of a supply chain attack on the nx npm package in August 2025. Attackers exploited a "Pwn Request" vulnerability within a pull_request_target workflow to gain elevated privileges and inject malicious code into the package. These trojanized versions were then pushed to the npm registry.

Malicious Payload and Data Theft

Once integrated into a victim's system, the compromised npm packages executed a postinstall script. This script launched a JavaScript credential stealer named QUIETVAULT. Notably, QUIETVAULT weaponized a Large Language Model (LLM) tool already present on the developer's endpoint. This AI integration allowed the malware to scan the system for sensitive information, including environment variables, system details, and valuable tokens like GitHub Personal Access Tokens (PATs). The stolen data was then uploaded to a public GitHub repository.

The incident was triggered at the victim organization when an employee ran a code editor application that included the Nx Console plugin. An update process for this plugin inadvertently executed QUIETVAULT.

Gaining Cloud Administrator Access

Following the initial compromise, UNC6426 initiated reconnaissance within the victim's GitHub environment using the stolen PAT. They employed an open-source tool called Nord Stream to extract secrets from CI/CD environments, successfully obtaining credentials for a GitHub service account. This service account was then used to generate temporary AWS Security Token Service (STS) tokens for an overly permissive "Actions-CloudFormation" role.

Leveraging the excessive permissions of this compromised role, UNC6426 deployed a new AWS Stack. The sole purpose of this stack was to create a new IAM role and assign it the highly privileged policy. This allowed UNC6426 to achieve full AWS administrator permissions in less than 72 hours.

Impact and Aftermath

With complete administrative control over the AWS environment, the threat actor engaged in several destructive actions. They enumerated and accessed objects within S3 buckets, terminated production Elastic Compute Cloud (EC2) and Relational Database Service (RDS) instances, and decrypted application keys. In a final act of sabotage, all of the victim's internal GitHub repositories were renamed and made public.

Recommendations

To mitigate such sophisticated supply chain attacks, security experts recommend several measures:

• Utilize package managers that can prevent or sandbox postinstall scripts.

• Implement the principle of least privilege (PoLP) for CI/CD service accounts and OIDC-linked roles.

• Enforce fine-grained PATs with short expiration windows and specific repository permissions.

• Remove standing privileges for high-risk actions, such as creating administrator roles.

• Continuously monitor for anomalous IAM activity.

• Implement strong controls to detect potential "Shadow AI" risks where AI tools are misused.

The incident highlights the evolving threat landscape, particularly the rise of AI-assisted supply chain abuse, where malicious intent can be masked by natural language prompts, making detection more challenging.

Sources

• UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours, The Hacker News.

• Hackers Exploit npm Supply Chain to Gain AWS Admin Access, TechJuice.