Cyber Incident Victim: Grafana Labs
Date: May 2026
Location: United States of America
Summary
Grafana Labs discovered that its GitHub repositories were accessed through a compromised token linked to the TanStack supply chain attack, after detecting malicious activity and rotating most workflow tokens but missing one. The threat actor exfiltrated the company's codebase, internal operational information, and business contact names and email addresses, while no production systems or its Cloud platform were altered or affected. A ransom demand was refused, and the firm responded by hardening its GitHub posture, notifying law enforcement, and confirming that the stolen code was not modified.
Description
On May 11, 2026, Grafana Labs detected malicious activity linked to the TanStack supply chain attack and immediately began rotating GitHub workflow tokens. Despite the rotation, one token was not revoked, allowing the threat actor behind the TanStack attack to gain access to Grafana’s GitHub repositories. A later review showed that a specific GitHub workflow originally considered unaffected had in fact been compromised. On May 16, 2026, the attackers sent a ransom demand to Grafana Labs, which the company refused to pay. Following the demand, Grafana Labs launched additional mitigation steps, hardened its GitHub security posture, and notified law enforcement. The company stated that the scope of the incident was confined to its GitHub repositories, encompassing both public and private source code as well as internal operational repositories.

The attackers exfiltrated Grafana’s codebase and also took internal operational information and other business details stored in those repositories. This included business contact names and email addresses of the kind exchanged in a professional relationship, not data drawn from production systems or the Grafana Cloud platform. Grafana Labs confirmed that its production systems and the Grafana Cloud platform were not affected by the breach. The stolen codebase was downloaded but not modified, and the company said no action was required from customers or open-source users. The intrusion occurred because TeamPCP threat actors had compromised dozens of TanStack npm packages with credential-stealing malware aimed at CI/CD environments such as GitHub Actions. When Grafana’s CI/CD pipeline automatically consumed a malicious package, the infostealer executed and exfiltrated the relevant GitHub workflow tokens.

TanStack reported that on May 11, 2026, the threat actors published 84 malicious versions across 42 @tanstack/* packages as part of the Mini Shai-Hulud campaign. The infostealer used in the attack targeted not only GitHub Actions tokens but also credentials for GitLab, CircleCI, AWS, Google Cloud Platform, Azure, Kubernetes, HashiCorp Vault and various package registries. Beyond TanStack, the campaign extended to compromised OpenSearch npm versions, PyPI mistralai 2.4.6, PyPI guardrails-ai 0.10.1 and additional @squawk packages. The operation was notable because TeamPCP had infiltrated TanStack’s own CI/CD pipeline, allowing the malicious packages to be signed and therefore appear legitimate, bypassing the security filters downstream developers typically rely on. Grafana Labs characterized itself as one of the downstream victims of the broader Mini Shai-Hulud supply chain campaign and reiterated that there was no indication of compromise to customer production systems or operations.
