UNC6426’s Rapid Exploitation of nx npm Supply Chain Leads to Full AWS Admin Access in 72 Hours
In a striking demonstration of the vulnerabilities inherent in software supply chains, the threat actor identified as UNC6426 successfully infiltrated a victim’s cloud infrastructure, achieving full administrative access within a mere 72 hours. This breach was facilitated through the exploitation of the nx npm package, underscoring the critical need for robust security measures in software development and deployment processes.
The Initial Breach: Exploiting the nx npm Package
The attack’s genesis traces back to August 2025, when malicious entities targeted the nx npm package. By exploiting a vulnerability in the `pull_request_target` workflow—a method known as Pwn Request—attackers gained elevated privileges. This access allowed them to retrieve sensitive data, notably the `GITHUB_TOKEN`, and subsequently upload compromised versions of the nx package to the npm registry.
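A defender-side audit for the two workflow patterns that commonly make a `pull_request_target` workflow exploitable, added here as an example (not code from the original article or the nx project). The page does not say which flaw the nx workflow had, so both checks, the sample workflows and the finding labels are assumptions.

```python
import re

# PR-controlled expressions that are unsafe to expand inside a shell step.
UNTRUSTED_EXPR = re.compile(
    r"\$\{\{\s*github\.(?:head_ref|event\.pull_request\."
    r"(?:title|body|head\.ref|head\.label))\s*\}\}")
# actions/checkout pointed at the pull request's own commit.
HEAD_REF = re.compile(r"\bref:.*github\.event\.pull_request\.head\.(?:sha|ref)")

def audit_workflow(text):
    """Line-based heuristic (not a YAML parser): list (line, finding) pairs."""
    lines = text.splitlines()
    live = [l for l in lines if not l.lstrip().startswith("#")]
    if not any("pull_request_target" in l for l in live):
        return []  # not a pull_request_target workflow, out of scope for this check
    findings, run_indent = [], None
    for no, line in enumerate(lines, 1):
        body = line.lstrip()
        if not body or body.startswith("#"):
            continue
        indent = len(line) - len(body)
        if re.match(r"(?:- )?run:", body):
            run_indent = indent + (2 if body.startswith("- ") else 0)
        elif run_indent is not None and indent <= run_indent:
            run_indent = None  # left the run: block
        if HEAD_REF.search(body):
            findings.append((no, "checks out PR head code"))
        if run_indent is not None and UNTRUSTED_EXPR.search(body):
            findings.append((no, "PR-controlled field expanded in shell"))
    return findings

# Constructed sample workflows (not taken from the nx repository).
HEADER = "on:\n  pull_request_target:\njobs:\n  check:\n    runs-on: ubuntu-latest\n    steps:\n"
VULNERABLE = HEADER + """\
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: echo "Checking ${{ github.event.pull_request.title }}"
"""
HARDENED = HEADER + """\
      - env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: echo "Checking $PR_TITLE"
"""

if __name__ == "__main__":
    for name, wf in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        print(name, audit_workflow(wf))
```

The hardened variant passes the PR title through an environment variable, so the shell sees it as data rather than as script text.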
These tampered packages contained a post-installation script designed to execute a JavaScript-based credential stealer named QUIETVAULT. This tool was engineered to extract environment variables, system details, and critical tokens, including GitHub Personal Access Tokens (PATs). Leveraging an existing Large Language Model (LLM) tool on the compromised system, QUIETVAULT scanned for and exfiltrated sensitive information, which was then uploaded to a public GitHub repository titled `/s1ngularity-repository-1`.
The Cascade of Compromise: From GitHub to AWS
The breach’s progression was alarmingly swift. An employee within the targeted organization inadvertently triggered the execution of QUIETVAULT by updating the Nx Console plugin in their code editor. This action set off a chain of events that led to the full compromise of the organization’s cloud environment.
Two days after the initial compromise, UNC6426 began reconnaissance within the victim’s GitHub environment using the stolen PAT. Employing Nord Stream, an open-source tool, the attackers extracted secrets from the Continuous Integration/Continuous Deployment (CI/CD) environments, uncovering credentials for a GitHub service account.
With these credentials, the attackers generated temporary AWS Security Token Service (STS) tokens for the Actions-CloudFormation role. This maneuver granted them a foothold in the victim’s AWS environment. Notably, the Github-Actions-CloudFormation role was overly permissive. Exploiting this, UNC6426 deployed a new AWS Stack with capabilities `[CAPABILITY_NAMED_IAM,CAPABILITY_IAM]`, creating a new Identity and Access Management (IAM) role with full administrative access.
Within 72 hours, the attackers escalated from a stolen GitHub token to full AWS administrator permissions. Armed with this access, they enumerated and accessed objects within S3 buckets, terminated production Elastic Compute Cloud (EC2) and Relational Database Service (RDS) instances, and decrypted application keys. In a final act of disruption, all internal GitHub repositories of the victim were renamed to `/s1ngularity-repository-[randomcharacters]` and made public.
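One way to detect the escalation described above in CloudTrail, as an added example that is not from the original report: it flags a CI role session that creates a stack with IAM capabilities and then attaches `AdministratorAccess` to a role. The events are constructed and simplified; the 30-minute window, the account ID and every name except Github-Actions-CloudFormation are assumptions, as is the absence of a separate stack service role (so the IAM calls carry the caller's session ARN).

```python
from datetime import datetime, timedelta

IAM_CAPS = {"CAPABILITY_IAM", "CAPABILITY_NAMED_IAM"}
ADMIN_POLICY = "arn:aws:iam::aws:policy/AdministratorAccess"
WINDOW = timedelta(minutes=30)  # assumed correlation window

def ts(event):
    return datetime.strptime(event["eventTime"], "%Y-%m-%dT%H:%M:%SZ")

def find_admin_escalations(events, ci_role_names):
    """Flag CI-role sessions that create an IAM-capable stack, then gain an admin role."""
    alerts, pending = [], {}  # pending: session ARN -> (stack name, CreateStack time)
    for ev in sorted(events, key=ts):
        ident = ev["userIdentity"]
        arn = ident.get("arn", "")
        role = arn.split("/")[1] if ":assumed-role/" in arn else None
        if role not in ci_role_names:
            continue
        params = ev.get("requestParameters") or {}
        if ev["eventName"] == "CreateStack" and IAM_CAPS & set(params.get("capabilities", [])):
            pending[arn] = (params.get("stackName"), ts(ev))
        elif (ev["eventName"] == "AttachRolePolicy" and arn in pending
              and params.get("policyArn") == ADMIN_POLICY):
            stack, started = pending[arn]
            if ts(ev) - started <= WINDOW:
                alerts.append({
                    "session": arn, "stack": stack, "admin_role": params.get("roleName"),
                    "via_cloudformation": ident.get("invokedBy") == "cloudformation.amazonaws.com"})
    return alerts

def make_event(time, name, arn, params, invoked_by=None):
    """Build a simplified, constructed CloudTrail record for the sample below."""
    ident = {"type": "AssumedRole", "arn": arn}
    if invoked_by:
        ident["invokedBy"] = invoked_by
    return {"eventTime": time, "eventName": name, "userIdentity": ident, "requestParameters": params}

# Constructed sample data: account ID, session, stack and role names are placeholders.
CI = "arn:aws:sts::111122223333:assumed-role/Github-Actions-CloudFormation/ci-run"
OPS = "arn:aws:sts::111122223333:assumed-role/ops-admin/alice"
SAMPLE = [
    make_event("2025-01-01T10:00:00Z", "CreateStack", CI, {"stackName": "app", "capabilities": []}),
    make_event("2025-01-01T11:00:00Z", "AttachRolePolicy", OPS, {"roleName": "break-glass", "policyArn": ADMIN_POLICY}),
    make_event("2025-01-01T12:00:00Z", "CreateStack", CI,
               {"stackName": "demo-stack", "capabilities": ["CAPABILITY_NAMED_IAM", "CAPABILITY_IAM"]}),
    make_event("2025-01-01T12:01:30Z", "AttachRolePolicy", CI,
               {"roleName": "demo-role", "policyArn": ADMIN_POLICY}, "cloudformation.amazonaws.com"),
]
```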
Mitigation Strategies: Fortifying the Supply Chain
This incident serves as a stark reminder of the vulnerabilities present in software supply chains and the cascading effects a single point of failure can have. To mitigate such threats, organizations are advised to:
1. Restrict Post-Installation Scripts: Utilize package managers that prevent the execution of post-installation scripts or implement sandboxing tools to contain their impact.
2. Enforce Least Privilege Access: Apply the principle of least privilege (PoLP) to CI/CD service accounts and OpenID Connect (OIDC)-linked roles, ensuring they have only the permissions necessary for their functions.
3. Implement Fine-Grained PATs: Enforce Personal Access Tokens (PATs) with short expiration periods and specific repository permissions to limit potential misuse.
4. Eliminate Standing Privileges: Remove standing privileges for high-risk actions, such as the creation of administrator roles, to reduce the attack surface.
5. Monitor IAM Activity: Continuously monitor for anomalous Identity and Access Management (IAM) activities to detect and respond to unauthorized actions promptly.
6. Address Shadow AI Risks: Implement robust controls to detect and mitigate risks associated with Shadow AI, ensuring that AI tools integrated into developer workflows do not inadvertently expand the attack surface.
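For the post-installation script delivery described earlier and mitigation 1 above, a lockfile audit that lists which locked packages declare install-time scripts, so they can be reviewed before scripts are allowed to run. This is an added example, not code from the original article; it relies on the `hasInstallScript` field npm writes into `package-lock.json` (lockfileVersion 2 and 3), and the sample lockfile and allowlist are constructed.

```python
import json

def install_script_packages(lock_text, allowlist=frozenset()):
    """List (name, version) of locked packages that declare install-time scripts."""
    lock = json.loads(lock_text)
    if lock.get("lockfileVersion", 1) < 2:
        raise ValueError("lockfileVersion 1 has no 'packages' map; regenerate with npm 7+")
    flagged = set()
    for path, meta in lock.get("packages", {}).items():
        if not path or not meta.get("hasInstallScript"):
            continue  # "" is the root project; others declare no install hook
        name = path.rsplit("node_modules/", 1)[-1]  # handles nested and @scoped paths
        if name not in allowlist:
            flagged.add((name, meta.get("version", "?")))
    return sorted(flagged)

# Constructed lockfile; every package name and version here is hypothetical.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/left-util": {"version": "4.1.0"},
        "node_modules/build-helper": {"version": "1.2.3", "hasInstallScript": True},
        "node_modules/@acme/native-addon": {"version": "0.9.0", "hasInstallScript": True},
        "node_modules/left-util/node_modules/build-helper":
            {"version": "2.0.0", "hasInstallScript": True},
    },
})

if __name__ == "__main__":
    for name, version in install_script_packages(SAMPLE_LOCK, {"@acme/native-addon"}):
        print(f"unreviewed install script: {name}@{version}")
```

Pairing this check with `npm ci --ignore-scripts` keeps unreviewed hooks from running at install time.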
The Evolving Threat Landscape: AI-Assisted Supply Chain Attacks
The UNC6426 incident highlights a concerning evolution in cyber threats: AI-assisted supply chain attacks. In this scenario, malicious actors leverage AI agents embedded within developer tools to execute attacks. These agents, possessing privileged access to the developer’s file system, credentials, and authenticated tools, can be manipulated through natural-language prompts. This method complicates traditional detection approaches, as the malicious intent is conveyed through prompts rather than explicit network callbacks or hard-coded endpoints.
As AI assistants become more integrated into developer workflows, they inadvertently expand the attack surface. Any tool capable of invoking these assistants inherits their reach, making it imperative for organizations to scrutinize and secure AI integrations within their development environments.
Conclusion: A Call to Action
The rapid escalation from a compromised npm package to full AWS administrative access within 72 hours underscores the critical need for comprehensive security measures in software development and deployment. Organizations must adopt a multi-faceted approach, combining technical controls with vigilant monitoring and a culture of security awareness, to defend against the evolving landscape of supply chain attacks.