Grafana Labs says a targeted intrusion tied to the Mini Shai-Hulud npm worm campaign and a poisoned TanStack package led to source code theft and a ransom demand, but that no production or live cloud systems were accessed. The company rotated tokens, hardened its GitHub security, and is auditing commits after attackers cloned repositories and exposed internal business contact data. #GrafanaLabs #MiniShaiHulud #TanStack #GitHub
Key points
- Grafana Labs traced the breach to the Mini Shai-Hulud npm worm campaign.
- A poisoned upstream package from the TanStack supply chain compromise entered a Grafana developer pipeline.
- Attackers used an overlooked GitHub workflow token to access Grafana's repositories.
- The intruders cloned internal GitHub repositories, exfiltrated source code, and then demanded a ransom.
- Grafana says no production systems were touched and that no customer action is needed.
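As an added example (not code from Grafana Labs or from the article): the first thing a team in this position needs is a quick triage of every npm lockfile in the organisation for the poisoned versions, for dependencies resolved from somewhere other than the public registry, and for entries with no integrity hash. The script below walks an npm `package-lock.json` in the lockfileVersion 2/3 layout (a `packages` map keyed by `node_modules/...` path). The package names, versions and registry URLs in the denylist and in the sample lockfile are constructed for illustration; they are not real indicators from this campaign.

```javascript
// Added example: first-pass lockfile triage after a worm-style npm compromise.
// Not Grafana's or the article's code. All names/versions below are constructed.

// Hypothetical denylist: package name -> poisoned versions (NOT real indicators).
const COMPROMISED_VERSIONS = {
  "example-ui-kit": new Set(["2.4.1"]),
  "example-router-core": new Set(["1.9.0", "1.9.1"]),
};

const OFFICIAL_REGISTRY = "https://registry.npmjs.org/";

// Recover the package name from a lockfile path such as
// "node_modules/@scope/pkg" or "node_modules/a/node_modules/b".
function packageNameFromPath(lockPath) {
  const marker = "node_modules/";
  return lockPath.slice(lockPath.lastIndexOf(marker) + marker.length);
}

// Returns a list of findings; each finding names the lockfile path, the
// package, its version and which check fired.
function auditLockfile(lockJson) {
  const lock = typeof lockJson === "string" ? JSON.parse(lockJson) : lockJson;
  const findings = [];
  const packages = lock.packages || {}; // lockfileVersion 2/3 layout
  for (const [lockPath, entry] of Object.entries(packages)) {
    if (lockPath === "") continue; // the root project entry, not a dependency
    const name = packageNameFromPath(lockPath);
    const version = entry.version;
    const flag = (issue) => findings.push({ path: lockPath, name, version, issue });

    const bad = COMPROMISED_VERSIONS[name];
    if (bad && bad.has(version)) flag("known-compromised-version");

    // Anything not fetched from the public registry deserves a second look.
    if (entry.resolved && !entry.resolved.startsWith(OFFICIAL_REGISTRY)) {
      flag("non-default-registry");
    }
    // A resolved tarball with no integrity hash cannot be verified on install.
    if (entry.resolved && !entry.integrity) flag("missing-integrity");
  }
  return findings;
}

// Constructed sample lockfile: one poisoned version, one nested dependency
// pulled from an internal mirror without an integrity hash, one clean package.
const SAMPLE_LOCK = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/example-ui-kit": {
      version: "2.4.1",
      resolved: "https://registry.npmjs.org/example-ui-kit/-/example-ui-kit-2.4.1.tgz",
      integrity: "sha512-constructedA",
    },
    "node_modules/example-router-core": {
      version: "1.8.7",
      resolved: "https://registry.npmjs.org/example-router-core/-/example-router-core-1.8.7.tgz",
      integrity: "sha512-constructedB",
    },
    "node_modules/example-ui-kit/node_modules/left-padder": {
      version: "0.1.0",
      resolved: "https://mirror.example.internal/left-padder-0.1.0.tgz",
    },
  },
};

console.log(JSON.stringify(auditLockfile(SAMPLE_LOCK), null, 2));
```

Run it against a real `package-lock.json` by reading the file and passing its contents to `auditLockfile`. Treat a hit as a reason to rotate every secret that the affected build could reach, not only the npm token: the page's own account is that the pivot into Grafana's repositories was a workflow token that survived the initial cleanup. Setting `ignore-scripts=true` in `.npmrc` also stops install-time lifecycle scripts from running during CI installs, which removes the execution step that worm-style packages rely on.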
Read More: https://securityonline.info/grafana-labs-source-code-theft-mini-shai-hulud-npm-worm/