Grafana: Suffered a supply chain attack, but the security incident did not affect customer production systems or operations
Odaily reports that Grafana Labs posted on X stating that it had confirmed a targeted hacker attack on May 16. The attacker gained unauthorized access to its GitHub repository through a TanStack npm supply chain attack (the Mini Shai-Hulud campaign), downloaded the codebase, and subsequently issued a ransom threat.
Investigations indicate that the incident was strictly limited to Grafana Labs' GitHub environment; there is no evidence that it affected customer production systems, operations, or the Grafana Cloud platform. Besides source code, the downloaded content included the names and email addresses of some internal business contacts. Although the attacker downloaded the codebase, it was not tampered with. Grafana Labs has decided not to pay the ransom and has notified federal law enforcement authorities. It is currently implementing defensive measures, including strengthening CI/CD pipeline security.
