Grafana this week revealed that the unauthorized entry to the Grafana Labs GitHub repositories disclosed earlier this month was the results of the TanStack provide chain assault.
On Could 11, TanStack and different high-profile NPM and PyPI initiatives had been hit by a Mini Shai-Hulud provide chain assault that resulted in self-propagating information-stealing malware being deployed on victims’ computer systems.
Grafana says it detected malicious exercise related to the assault on Could 11 and instantly rotated GitHub workflow tokens.
As a result of one token was not revoked, nonetheless, the risk actor behind the TanStack assault accessed Grafana’s GitHub repositories.
“A subsequent overview confirmed {that a} particular GitHub workflow we initially deemed not impacted had, in actual fact, been compromised,” Grafana says.
On Could 16, Grafana acquired a ransom demand from the attackers, however refused to pay. Concurrently, it launched further mitigation efforts, hardened its GitHub posture, and notified legislation enforcement.
“Present findings point out the scope of this incident is restricted to the Grafana Labs GitHub repositories, which embody private and non-private supply code together with inside GitHub repos,” Grafana says.
Whereas no buyer manufacturing techniques or operations had been affected, the hackers did steal Grafana’s codebase, in addition to repositories storing inside operational info and different enterprise particulars.
“This consists of enterprise contact names and e mail addresses that may be exchanged in an expert relationship context, not info pulled from or processed via using manufacturing techniques or the Grafana Cloud platform,” Grafana says.
The incident, it explains, didn’t have an effect on its manufacturing techniques, nor the Grafana Cloud platform. Moreover, Grafana says, whereas its codebase was downloaded, it was not modified, and no motion is required from prospects or open supply customers.
