Grafana Confirms Supply Chain Attack, No Impact on Customer Systems

Grafana confirms a supply chain attack via the TanStack npm package, part of the Mini Shai-Hulud activity. Attackers gained access to GitHub repositories and issued ransom demands. CFT agencies are now involved in the investigation. No customer systems were affected, including Grafana Cloud. Business contact details were stolen, but the code remained uncompromised. The company will not pay the ransom and is strengthening its CI/CD security. Risk-on assets experienced minor volatility as the incident unfolded.

Odaily Planet Daily reports that Grafana Labs posted on X, stating that on May 16 it confirmed a targeted cyberattack. The attackers gained unauthorized access to its GitHub repository through a TanStack npm supply chain attack (Mini Shai-Hulud campaign), downloaded the codebase, and then issued a ransom threat.

Investigations indicate that this incident was strictly limited to Grafana Labs’ GitHub environment, with no evidence that customer production systems, operations, or the Grafana Cloud platform were affected. In addition to source code, the downloaded content included some internal business contacts’ names and email addresses. Although the attacker downloaded the code repositories, no alterations were made. Grafana Labs has decided not to pay the ransom and has notified federal law enforcement agencies. Enhanced security measures, including strengthening the CI/CD pipeline, are currently being implemented.
