UNC6426 Leverages npm Flaw for Rapid AWS Admin Access

Posted on March 11, 2026 By CWS

A recent cyber incident involving the threat actor known as UNC6426 has raised significant security concerns after they exploited a vulnerability in the nx npm package to infiltrate a cloud environment and gain AWS administrative access within just 72 hours. The attack commenced with the theft of a developer’s GitHub token, setting the stage for unauthorized cloud entry and data exfiltration.

Exploitation of GitHub-AWS Trust

UNC6426 used the stolen token to abuse the GitHub-to-AWS OpenID Connect (OIDC) trust. This allowed them to create an administrator role in the cloud environment, extract files from Amazon Web Services’ (AWS) Simple Storage Service (S3) buckets and then destroy data, as detailed in Google’s Cloud Threat Horizons Report for the first half of 2026.
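The GitHub-to-AWS trust described above is decided by the role's trust policy: which OIDC provider may call AssumeRoleWithWebIdentity, and which `aud` and `sub` claims it must present. The following audit is an added example, not code from the report, Google, GitHub or AWS; the account id, provider ARN and repository names in the sample policies are constructed placeholders. A tight `sub` condition limits which repository and branch can obtain credentials; it does not help once an attacker can push to the trusted branch, which is why the PAT controls in the report matter too.

```python
"""Audit an IAM role trust policy for the GitHub Actions OIDC provider.
Added example, not code from the report or from GitHub/AWS."""
GITHUB_OIDC = "token.actions.githubusercontent.com"


def _as_list(value):
    return value if isinstance(value, list) else [value]


def audit_github_oidc_trust(trust_policy: dict) -> list[str]:
    """Return findings for every statement that lets GitHub's OIDC provider assume the role."""
    findings = []
    for stmt in _as_list(trust_policy.get("Statement", [])):
        principal = stmt.get("Principal")
        federated = _as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or not any(GITHUB_OIDC in p for p in federated):
            continue
        cond = stmt.get("Condition", {})
        equals, like = cond.get("StringEquals", {}), cond.get("StringLike", {})
        if equals.get(f"{GITHUB_OIDC}:aud") != "sts.amazonaws.com":
            findings.append("aud is not pinned to sts.amazonaws.com")
        subs = _as_list(equals.get(f"{GITHUB_OIDC}:sub", [])) + _as_list(like.get(f"{GITHUB_OIDC}:sub", []))
        if not subs:
            findings.append("no sub condition: a workflow in any GitHub repository can assume this role")
        for sub in subs:
            # expected shape: repo:<owner>/<repo>:<claim>, e.g. repo:org/app:ref:refs/heads/main
            parts = sub.split(":", 2)
            if len(parts) < 3 or parts[0] != "repo":
                findings.append(f"unexpected sub pattern {sub!r}")
            elif "*" in parts[1]:
                findings.append(f"sub {sub!r} trusts more than one repository")
            elif parts[2] == "*":
                findings.append(f"sub {sub!r} trusts every branch, tag and pull request of {parts[1]}")
    return findings


# Constructed sample policies; account id, provider and repository names are placeholders.
PROVIDER = f"arn:aws:iam::123456789012:oidc-provider/{GITHUB_OIDC}"
WEAK_TRUST_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Federated": PROVIDER}, "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {"StringLike": {f"{GITHUB_OIDC}:sub": "repo:example-org/*:*"}}}]}
HARDENED_TRUST_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Federated": PROVIDER}, "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {"StringEquals": {f"{GITHUB_OIDC}:aud": "sts.amazonaws.com",
                                   f"{GITHUB_OIDC}:sub": "repo:example-org/app:ref:refs/heads/main"}}}]}
```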

The initial breach stemmed from a supply chain attack on the nx npm package in August 2025. Attackers abused a vulnerable pull_request_target workflow (a so-called Pwn Request) to gain elevated privileges, access sensitive data, and upload compromised versions of the package to the npm registry.

QUIETVAULT and Credential Compromise

The compromised packages contained a postinstall script that launched QUIETVAULT, a JavaScript credential stealer. This tool harvested environment variables, system information, and GitHub Personal Access Tokens (PATs), leveraging a pre-installed Large Language Model (LLM) tool for data extraction. The stolen data was subsequently uploaded to a public GitHub repository.

The attack escalated when an employee at the victim organization opened a code editor with the Nx Console plugin installed, inadvertently triggering the execution of QUIETVAULT. UNC6426 then conducted reconnaissance with the stolen PAT, using a legitimate open-source tool to extract secrets and obtain credentials.

Implications and Preventive Measures

By exploiting these credentials, the attackers generated temporary AWS Security Token Service (STS) tokens, enabling them to establish a foothold in the victim’s AWS environment. The compromised GitHub-Actions-CloudFormation role, due to its excessive permissions, was used to deploy a new AWS stack, ultimately granting full administrative privileges.

To mitigate such threats, experts recommend using secure package managers, applying the principle of least privilege (PoLP), enforcing fine-grained PATs with short expiration, and monitoring anomalous IAM activity. As AI tools become more embedded in development workflows, they present new vulnerabilities, necessitating robust detection controls.
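The chain in this incident, a federated CI session that obtains STS credentials and then deploys a stack or creates a role, is visible in CloudTrail. The following detection is an added example, not from the report or from Google: it correlates the temporary access key issued by AssumeRoleWithWebIdentity with later IAM and CloudFormation calls made under that key. Field names follow CloudTrail's documented record format; the sample events, key ids and times are constructed.

```python
"""Detect a web-identity (OIDC) session that goes on to mint new privilege.
Added example, not code from the report: a CloudTrail check for the chain
AssumeRoleWithWebIdentity -> CreateStack / CreateRole described above."""
from datetime import datetime, timedelta

# IAM and CloudFormation calls through which a CI session can grant itself broader rights
PRIVILEGE_EVENTS = {"CreateRole", "AttachRolePolicy", "PutRolePolicy", "CreateStack", "UpdateStack"}


def _ts(event: dict) -> datetime:
    return datetime.fromisoformat(event["eventTime"].replace("Z", "+00:00"))


def find_escalation_chains(events: list[dict], window: timedelta = timedelta(hours=1)) -> list[dict]:
    """Return one finding per privilege event run under temporary credentials that were
    issued by AssumeRoleWithWebIdentity less than `window` earlier."""
    sessions = {}  # temporary access key id -> (issue time, role session name)
    findings = []
    for ev in sorted(events, key=_ts):
        if ev["eventName"] == "AssumeRoleWithWebIdentity":
            # CloudTrail records the issued temporary key in responseElements.credentials
            key = ev["responseElements"]["credentials"]["accessKeyId"]
            sessions[key] = (_ts(ev), ev.get("requestParameters", {}).get("roleSessionName"))
            continue
        key = ev.get("userIdentity", {}).get("accessKeyId")
        if ev["eventName"] in PRIVILEGE_EVENTS and key in sessions:
            issued, session = sessions[key]
            age = _ts(ev) - issued
            if age <= window:
                findings.append({"accessKeyId": key, "session": session,
                                 "event": ev["eventName"], "minutes_after_assume": age.total_seconds() / 60})
    return findings


# Constructed sample trail; access key ids, times and session names are placeholders.
SAMPLE_EVENTS = [
    {"eventTime": "2026-01-15T10:00:00Z", "eventName": "AssumeRoleWithWebIdentity",
     "requestParameters": {"roleSessionName": "GitHubActions"},
     "responseElements": {"credentials": {"accessKeyId": "ASIAEXAMPLE00000001"}}},
    {"eventTime": "2026-01-15T10:07:00Z", "eventName": "CreateStack",
     "userIdentity": {"accessKeyId": "ASIAEXAMPLE00000001"}},
    {"eventTime": "2026-01-15T10:20:00Z", "eventName": "CreateRole",
     "userIdentity": {"accessKeyId": "ASIAEXAMPLE00000001"}},
    {"eventTime": "2026-01-15T10:02:00Z", "eventName": "AssumeRoleWithWebIdentity",
     "requestParameters": {"roleSessionName": "nightly-deploy"},
     "responseElements": {"credentials": {"accessKeyId": "ASIAEXAMPLE00000002"}}},
    {"eventTime": "2026-01-15T10:05:00Z", "eventName": "GetObject",
     "userIdentity": {"accessKeyId": "ASIAEXAMPLE00000002"}},
]
```

A real deployment would feed this from a CloudTrail Lake query or an Athena export and alert on any session whose role is not expected to touch IAM or CloudFormation at all.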

This incident underscores the evolving nature of supply chain attacks, particularly those facilitated by AI technology. The integration of AI assistants into developer environments expands attack surfaces and complicates traditional detection methods, highlighting the need for enhanced security measures.
