SlowMist: Grafana suspected to have been attacked; attacker may have stolen a private key and implanted malicious code
2025-04-27 07:01
Odaily News: According to a security alert issued by SlowMist Chief Information Security Officer @im23pds, the open-source data visualization tool Grafana is suspected to have been attacked. The attacker used Gato-X to steal signing keys and abused application tokens to compromise multiple codebases. Preliminary analysis shows that the attacker may have injected JavaScript code by forging malicious branch names in order to steal sensitive information. The attacker's goals include using tibdex/github-app-token to generate high-privilege GitHub tokens, tampering with the grafana/grafana repository, and implanting hidden backdoors. SlowMist reminds users to remain vigilant.
