Grafana: Suffered Supply Chain Attack, But Security Incident Did Not Affect Customer Production Systems and Operations

Odaily Odaily Planet Daily News reported that Grafana Labs announced on X platform that it confirmed a targeted hacker attack on May 16. The attackers gained unauthorized access to its GitHub repository and downloaded the codebase through a TanStack npm supply chain attack (Mini Shai-Hulud campaign), subsequently issuing extortion threats.

The investigation indicates that this incident was strictly limited to Grafana Labs' GitHub environment, with no evidence that customer production systems, operations, or the Grafana Cloud platform were affected. The downloaded content included, in addition to source code, the names and email addresses of some internal business contacts. Although the attackers downloaded the codebase, they did not tamper with it. Grafana Labs decided to refuse to pay the ransom and has notified federal law enforcement authorities. Defensive measures, such as strengthening the security of the CI/CD pipeline, are currently being implemented.