thehackernews.com 3/11/2026, 8:40:00 AM · via preferred

UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours


UNC6426 is described as exploiting the nx npm supply-chain attack to gain AWS admin access within 72 hours, after a chain of intrusions that began with the theft of a developer’s GitHub token. The attackers then abused the GitHub-to-AWS OpenID Connect trust to create a new administrator role in the victim’s cloud environment, enabling them to exfiltrate data from S3 and disrupt the production cloud environment.

The attack traces back to the nx npm package supply-chain compromise in August 2025, which involved Pwn Request-style activity to obtain elevated privileges and push trojanised packages to the npm registry. The postinstall script reportedly deployed a JavaScript credential stealer named QUIETVAULT to siphon environment variables, tokens and other secrets, with data uploaded to a public GitHub repository.

Google said UNC6426 reconnoitred the client’s GitHub environment using a stolen PAT and leveraged Nord Stream to extract secrets from CI/CD environments, before using the stolen credentials to obtain a foothold in AWS. According to Google, the compromised Github-Actions-CloudFormation role was overly permissive, allowing the attacker to deploy a new AWS Stack and attach AdministratorAccess, culminating in full AWS administrator permissions.
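For defenders reviewing their own CI roles, the following added example (not code from Google, the article, or the nx project) audits a role for the combination described above: a trust policy that GitHub Actions can assume through OIDC, plus permissions that allow deploying a stack and creating or upgrading IAM roles. The list of actions, the function names, and the sample policy documents are assumptions constructed for illustration.

```python
import fnmatch

# Assumption: actions treated as the escalation path the article describes
# (deploy a stack, create a role, attach AdministratorAccess). Extend as needed.
ESCALATION_ACTIONS = ("cloudformation:CreateStack", "iam:CreateRole",
                      "iam:AttachRolePolicy", "iam:PassRole")
GITHUB_OIDC = "token.actions.githubusercontent.com"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def trusts_github_oidc(trust_policy):
    """True if an Allow statement federates to the GitHub Actions OIDC provider."""
    for st in _as_list(trust_policy.get("Statement", [])):
        principal = st.get("Principal")
        fed = principal.get("Federated", []) if isinstance(principal, dict) else []
        if st.get("Effect") == "Allow" and any(GITHUB_OIDC in f for f in _as_list(fed)):
            return True
    return False

def escalation_findings(permission_policy):
    """Escalation actions granted by Allow statements, sorted and de-duplicated.
    Heuristic: NotAction is ignored, and a statement conditioned on
    iam:PermissionsBoundary is treated as constrained."""
    hits = set()
    for st in _as_list(permission_policy.get("Statement", [])):
        if st.get("Effect") != "Allow" or "Action" not in st:
            continue
        cond_keys = {k.lower() for op in st.get("Condition", {}).values() for k in op}
        if "iam:permissionsboundary" in cond_keys:
            continue
        for pattern in _as_list(st["Action"]):  # IAM action matching is case-insensitive
            hits.update(a for a in ESCALATION_ACTIONS
                        if fnmatch.fnmatchcase(a.lower(), pattern.lower()))
    return sorted(hits)

def audit_ci_role(trust_policy, permission_policy):
    """Report escalation actions only for roles that GitHub Actions can assume."""
    return escalation_findings(permission_policy) if trusts_github_oidc(trust_policy) else []

# Constructed sample documents (account ID is a placeholder).
TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRoleWithWebIdentity",
    "Principal": {"Federated": "arn:aws:iam::111122223333:oidc-provider/" + GITHUB_OIDC}}]}
BROAD = {"Statement": [{"Effect": "Allow", "Action": ["cloudformation:*", "iam:*"],
                        "Resource": "*"}]}
SCOPED = {"Statement": [{"Effect": "Allow", "Resource": "*",
                         "Action": ["cloudformation:DescribeStacks", "s3:PutObject"]}]}

if __name__ == "__main__":
    print("broad :", audit_ci_role(TRUST, BROAD))
    print("scoped:", audit_ci_role(TRUST, SCOPED))
```

In practice the two documents would come from exported role definitions; any non-empty result marks a CI role whose compromise would lead to account-wide IAM control.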

The incident underscores AI-assisted supply chain abuse and the growing difficulty of detecting tools that operate via natural-language prompts rather than hard-coded callbacks.


Article by CyberSIXT