星球日报|5月 20, 2026 00:38
[Grafana: Suffered Supply Chain Attack, but Security Incident Did Not Impact Customer Production Systems and Operations]
Odaily Planet Daily News - Grafana Labs posted on the X platform stating that on May 16, it confirmed being targeted by a hacker attack. The attackers gained unauthorized access to its GitHub repository through a TanStack npm supply chain attack (Mini Shai-Hulud campaign) and downloaded the codebase, subsequently issuing extortion threats. Investigations indicate that this incident was strictly confined to Grafana Labs' GitHub environment, with no evidence suggesting any impact on customer production systems, operations, or the Grafana Cloud platform. The downloaded content included source code as well as the names and email addresses of some internal business contacts. Although the attackers downloaded the codebase, no tampering was performed. Grafana Labs has decided not to pay the ransom and has reported the incident to federal law enforcement agencies. Measures to enhance defenses, such as strengthening the CI/CD pipeline security, are currently being implemented.
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink