Grafana Codebase Stolen in TanStack Supply Chain Attack

May 23, 2026 16:06 · 10 min read

TanStack Supply Chain Attack Impacts Grafana

Grafana this week revealed that the unauthorized access to the Grafana Labs GitHub repositories disclosed earlier this month was the result of the TanStack supply chain attack. On May 11, TanStack and other high-profile NPM and PyPI projects were hit by a Mini Shai-Hulud supply chain attack that resulted in self-propagating information-stealing malware being deployed on victims’ computers.

Malicious Activity Detection and Response

Grafana says it detected malicious activity associated with the attack on May 11 and immediately rotated GitHub workflow tokens. Because one token was not revoked, however, the threat actor behind the TanStack attack was able to access Grafana’s GitHub repositories. “A subsequent review confirmed that a specific GitHub workflow we originally deemed not impacted had, in fact, been compromised,” the company said.
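The failure described above is a coverage problem: a rotation that misses a single token leaves the door open. The script below is an added example, not Grafana’s code and not anything its disclosure describes. It assumes that the tokens in question are repository or organization secrets referenced from the YAML files under .github/workflows, collects every `secrets.NAME` and `secrets['NAME']` reference, reports the ones absent from the list of secrets already rotated, and, as a related posture check, flags third-party actions that are not pinned to a full commit SHA. The two workflow files embedded in it are constructed samples and the SHA in them is a placeholder, not a real commit.

```python
"""Find workflow secrets a rotation missed, plus third-party actions not pinned to a SHA.

Added example (not Grafana's code). Given the text of each workflow file, it
collects every ``secrets.NAME`` / ``secrets['NAME']`` reference and every
``uses:`` action not pinned to a 40-hex commit SHA, then reports referenced
secrets that are absent from the set you already rotated.
"""
import re
from dataclasses import dataclass, field

# ${{ secrets.NAME }} and ${{ secrets['NAME'] }} forms of a secret reference
SECRET_REF = re.compile(
    r"secrets\.([A-Za-z_][A-Za-z0-9_]*)"
    r"|secrets\[\s*['\"]([A-Za-z_][A-Za-z0-9_]*)['\"]\s*\]"
)
# a step's "uses:" line, ignoring local actions handled below and trailing comments
USES_LINE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)", re.MULTILINE)
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")

# Constructed sample workflows (not from any real repository). The checkout SHA
# is a placeholder, not a real commit of actions/checkout.
WORKFLOWS = {
    "ci.yml": """
name: CI
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: actions/setup-node@v4
      - run: npm ci
      - run: npm publish
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
""",
    "release.yml": """
name: Release
on:
  push:
    tags: ['v*']
jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - run: ./scripts/release.sh
        env:
          GH_TOKEN: ${{ secrets['RELEASE_BOT_PAT'] }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
""",
}


@dataclass
class WorkflowReport:
    name: str
    secrets: set = field(default_factory=set)             # secret names referenced
    unpinned_actions: list = field(default_factory=list)  # uses: refs without a full SHA


def audit_workflow(name, text):
    """Extract secret references and unpinned third-party actions from one workflow."""
    report = WorkflowReport(name)
    for m in SECRET_REF.finditer(text):
        report.secrets.add(m.group(1) or m.group(2))
    for m in USES_LINE.finditer(text):
        ref = m.group(1)
        if ref.startswith(("./", "docker://")):
            continue  # local actions and container images have no upstream git ref to pin
        _, _, version = ref.partition("@")
        if not FULL_SHA.match(version):
            report.unpinned_actions.append(ref)
    return report


def unrotated_secrets(reports, rotated):
    """Secret names referenced by some workflow but missing from the rotated set.

    GITHUB_TOKEN is minted by GitHub for each job run and expires with it, so it
    is excluded; every other referenced secret must appear in `rotated`.
    """
    referenced = set().union(*(r.secrets for r in reports)) - {"GITHUB_TOKEN"}
    return sorted(referenced - set(rotated))


if __name__ == "__main__":
    reports = [audit_workflow(n, t) for n, t in WORKFLOWS.items()]
    for r in reports:
        for ref in r.unpinned_actions:
            print(f"{r.name}: action not pinned to a commit SHA: {ref}")
    # Suppose only NPM_TOKEN was rotated; RELEASE_BOT_PAT is the one left behind.
    for name in unrotated_secrets(reports, rotated=["NPM_TOKEN"]):
        print(f"secret referenced but not rotated: {name}")
```

Against a real repository you would feed `audit_workflow` the contents of each file matched by `.github/workflows/*.yml` and `*.yaml`, across every repository in the organization, and treat a non-empty `unrotated_secrets` result as a blocker before declaring the rotation complete. Secrets that are only injected by an external vault or set in the workflow through `env:` from a reusable workflow's inputs will not appear as `secrets.NAME` references, so the inventory those systems keep has to be reconciled separately.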

On May 16, Grafana received a ransom demand from the attackers, but refused to pay. Simultaneously, it launched additional mitigation efforts, hardened its GitHub posture, and notified law enforcement.

Incident Scope and Impact

Current findings, Grafana says, indicate that the scope of the incident is limited to the Grafana Labs GitHub repositories, which hold public and private source code along with internal GitHub repos. The attackers exfiltrated Grafana’s codebase, as well as repositories storing internal operational information and other business details, but no customer production systems or operations were affected.

The business details include contact names and email addresses of the kind exchanged in a professional relationship, not information pulled from or processed through production systems or the Grafana Cloud platform, neither of which, the company explains, was affected by the incident.

No Action Needed from Customers or Open Source Users

Grafana also says that, while its codebase was downloaded, it was not modified, so no action is needed from customers or open source users. The company has taken steps to mitigate the attack and to prevent similar incidents in the future.

The incident shows how the compromise of a single upstream open-source dependency can cascade into the internal systems of its consumers: information-stealing malware delivered through NPM and PyPI packages exposed credentials, and one GitHub workflow token that survived Grafana’s rotation was enough to give the attackers access to its repositories. The same Mini Shai-Hulud campaign has affected numerous other high-profile projects and companies, including OpenAI and GitHub.

Grafana says it has hardened its GitHub posture, notified law enforcement, and is reviewing its security processes to prevent a repeat.

Conclusion

The TanStack supply chain attack cost Grafana its codebase and internal business data, but the company reports that its response contained the incident to its GitHub repositories, with no impact on customer production systems or the Grafana Cloud platform. The lesson for other organizations is that a dependency compromise has to be treated as a credential compromise: every token reachable from the affected environment must be enumerated and revoked, because, as this case shows, one missed token is enough.


Source: SecurityWeek