In August 2025, unknown actors exploited a misconfigured GitHub Actions workflow in the nrwl/nx repository to push trojanized versions of the nx npm package. The packages embedded a postinstall script that executed QUIETVAULT - a JavaScript credential stealer. Critically, QUIETVAULT weaponized an LLM CLI already installed on the developer's endpoint to scan the system for sensitive information (GitHub PATs, AWS keys, npm tokens). Stolen secrets were uploaded to a public attacker-controlled GitHub repository named /s1ngularity-repository-1. Two days later, UNC6426 used the stolen PAT with Nord Stream - a legitimate open-source CI/CD secrets extractor - to leak the credentials of a GitHub service account and trigger a sts:AssumeRoleWithWebIdentity call against the GitHub→AWS OIDC trust. The resulting AWS STS credentials were used to deploy a CloudFormation stack (CAPABILITY_NAMED_IAM) that created a new IAM role attached to the AWS-managed AdministratorAccess policy.

Within 72 hours of the original npm install, UNC6426 had full AWS administrator privileges. Operators enumerated S3 buckets, terminated production EC2 and RDS instances, decrypted application keys via KMS, and renamed every internal GitHub repository to /s1ngularity-repository-[random] and made them public. AWS, GitHub, and the affected customer were notified. The break-point for this entire chain is the OIDC trust policy: pinning the sub claim to repo:org/repo:environment:prod eliminates the cross-repo trust scope that Nord Stream exploited.