
UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours


A sophisticated threat actor, tracked as UNC6426, has demonstrated the devastating downstream consequences of software supply-chain attacks. By leveraging credentials stolen during the 2025 compromise of the popular `nx` npm package, the actor was able to completely breach a victim organization's cloud environment in just 72 hours. The attack chain began with the theft of a developer's GitHub token, which UNC6426 used as an initial foothold to gain unauthorized access to the victim's cloud infrastructure.

According to Google's Cloud Threat Horizons Report for the first half of 2026, the actor's next move was particularly critical. "UNC6426 then used this access to abuse the GitHub-to-AWS OpenID Connect (OIDC) trust and create a new administrator role in the cloud environment," the report stated. This newly minted administrative privilege was immediately weaponized to exfiltrate files from the organization's Amazon Web Services (AWS) Simple Storage Service (S3) buckets. The attack culminated in data destruction within the victim's production cloud environments, showcasing a rapid progression from initial access to significant impact.
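The OIDC abuse the report describes only works if the role's trust policy lets a broad set of GitHub workflows assume it. The following check is an added example, not code from the report or from Google: it audits an IAM role trust policy for the GitHub OIDC provider and shows a weak policy beside a hardened one. The account id, organisation, repository and branch names are constructed placeholders.

```python
GITHUB_OIDC = "token.actions.githubusercontent.com"

def _trust(condition: dict) -> dict:
    """Constructed role trust policy for the GitHub OIDC provider (not from the report)."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": "arn:aws:iam::123456789012:oidc-provider/" + GITHUB_OIDC},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition,
    }]}

# Weak: every repo and branch under the org can assume the role, and aud is unchecked.
WEAK_TRUST_POLICY = _trust({"StringLike": {GITHUB_OIDC + ":sub": "repo:example-org/*"}})
# Hardened: audience, repository and branch are all pinned.
HARDENED_TRUST_POLICY = _trust({"StringEquals": {
    GITHUB_OIDC + ":aud": "sts.amazonaws.com",
    GITHUB_OIDC + ":sub": "repo:example-org/app:ref:refs/heads/main",
}})

def _values(cond: dict, operator: str, key: str) -> list:
    # IAM condition values may be a single string or a list; normalise to a list.
    v = cond.get(operator, {}).get(key)
    return [] if v is None else (v if isinstance(v, list) else [v])

def audit_github_oidc_trust(policy: dict) -> list[str]:
    """Return findings for Allow statements that let GitHub workflows assume the role."""
    findings = []
    stmts = policy.get("Statement", [])
    for s in (stmts if isinstance(stmts, list) else [stmts]):
        principal = s.get("Principal") or {}
        federated = str(principal.get("Federated", "")) if isinstance(principal, dict) else ""
        if s.get("Effect") != "Allow" or GITHUB_OIDC not in federated:
            continue
        cond = s.get("Condition", {})
        if "sts.amazonaws.com" not in _values(cond, "StringEquals", GITHUB_OIDC + ":aud"):
            findings.append("aud is not pinned to sts.amazonaws.com")
        subs = _values(cond, "StringEquals", GITHUB_OIDC + ":sub")
        wild = _values(cond, "StringLike", GITHUB_OIDC + ":sub")
        if not subs and not wild:
            findings.append("no sub condition: any GitHub repository can assume this role")
        for pattern in wild:
            if "*" in pattern or "?" in pattern:
                findings.append(f"wildcard sub '{pattern}' trusts every matching repo and branch")
        for sub in subs:
            if ":ref:" not in sub and ":environment:" not in sub:
                findings.append(f"sub '{sub}' is not pinned to a branch, tag or environment")
    return findings
```

The same function can be run over the `AssumeRolePolicyDocument` returned by `aws iam get-role` to review real roles.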

The initial supply-chain vector dates back to August 2025, when unidentified threat actors compromised the `nx` npm package. They exploited a vulnerable `pull_request_target` GitHub workflow—a technique known as a "Pwn Request" attack—to gain elevated privileges. This access allowed them to steal sensitive data, including a `GITHUB_TOKEN`, and ultimately push malicious, trojanized versions of the package to the official npm registry. The malicious packages contained a post-install script that executed a JavaScript-based credential stealer dubbed QUIETVAULT.

QUIETVAULT was engineered for maximum stealth and efficiency. It siphoned environment variables, system information, and valuable authentication tokens, such as GitHub Personal Access Tokens (PATs). Notably, the malware weaponized a Large Language Model (LLM) tool already present on the compromised endpoint to perform targeted searches for this sensitive data. All stolen information was then exfiltrated to a public GitHub repository named `/s1ngularity-repository-1`. Google's analysis indicates the breach at the victim organization occurred when an employee ran a code editor application that used the Nx Console plugin, triggering an update that executed the QUIETVAULT stealer.

Following the initial compromise, UNC6426 began reconnaissance within the victim's GitHub environment using the stolen PAT just two days later. The actor employed legitimate open-source tools for this activity, blending in with normal traffic to avoid detection. This incident underscores a critical cybersecurity lesson: a single compromised dependency in the software supply chain can serve as a springboard for a full-scale, multi-stage cloud breach. It highlights the urgent need for robust secrets management, strict enforcement of the principle of least privilege in cloud Identity and Access Management (IAM), and enhanced monitoring for abnormal activities in CI/CD pipelines and OIDC trust relationships.
