A threat actor, identified as UNC6426, exploited a stolen GitHub token to breach a cloud environment in just 72 hours, leveraging keys obtained from the nx npm supply-chain attack that occurred last year. The attack began with the theft of a developer's token, which was then used to gain unauthorized access to the cloud and steal sensitive data. The threat actor utilized the stolen credentials to escalate privileges, ultimately gaining administrative access to the victim's AWS environment. This swift and devastating attack highlights the significant risks associated with supply-chain compromises, particularly when attackers can exploit stolen credentials to move laterally within a cloud environment [1]. The ability of UNC6426 to breach a cloud environment in such a short timeframe underscores the importance of prompt incident response and robust security measures to prevent similar attacks.
UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours
⚡ High Priority
Why This Matters
A threat actor known as UNC6426 leveraged keys stolen following the supply chain compromise of the nx npm package last year to completely breach a victim's cloud environment.
References
- The Hacker News. (2026, March 11). UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours. The Hacker News. https://thehackernews.com/2026/03/unc6426-exploits-nx-npm-supply-chain.html
Original Source
The Hacker News