Grafana Labs Links GitHub Breach to TanStack Supply Chain Attack
Grafana Labs has confirmed that a recent breach of its GitHub environment stemmed from the Mini Shai-Hulud supply chain attack, which compromised TanStack npm packages. The attackers, tracked as TeamPCP, embedded credential-stealing malware in malicious versions of those packages; Grafana's CI/CD pipeline consumed the new versions automatically, and the malware exfiltrated GitHub workflow tokens. Although the company rotated many credentials after detecting suspicious activity, one overlooked token allowed the attackers to access source code repositories and take additional internal operational information and business contact details. The incident highlights the growing risk posed by compromises of trusted software supply chains, especially when malicious packages are cryptographically signed and distributed through legitimate development ecosystems.
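The detail a practitioner should take from this is that the malicious versions reached the build without anyone choosing them: a CI job that resolves floating semver ranges at install time picks up whatever was published last. The script below is an added illustration of the check that catches that exposure; it is not Grafana's code and is not from the article. It audits a package.json against its package-lock.json for floating ranges, lockfile entries without an integrity hash, and drift between a pinned spec and the locked version. The two manifests are constructed sample data, and the TanStack package name appears only as a placeholder, with no claim about any particular version.

```python
"""Audit an npm manifest/lockfile pair for the conditions under which a CI
install silently pulls a freshly published package version.

Added example, not code from Grafana Labs or the referenced article.
The manifests below are constructed for this illustration.
"""
import json
import re

# Exact version: MAJOR.MINOR.PATCH with optional pre-release/build suffix and
# no range operator. '^', '~', '>=', '*', 'x' and 'latest' all fail this.
EXACT_RE = re.compile(r"^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$")

# Constructed sample manifest: two floating ranges, one pinned spec that no
# longer matches the lockfile, and two clean pins.
PACKAGE_JSON = """{
  "name": "ci-demo",
  "dependencies": {
    "@tanstack/react-query": "^5.0.0",
    "left-pad": "1.3.0",
    "lodash": "~4.17.0",
    "semver": "7.6.0"
  },
  "devDependencies": {
    "typescript": "5.4.5"
  }
}"""

# Constructed sample lockfile (lockfileVersion 3 layout). Integrity values are
# placeholders, not real hashes; lodash deliberately lacks one.
PACKAGE_LOCK = """{
  "name": "ci-demo",
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "ci-demo"},
    "node_modules/@tanstack/react-query": {"version": "5.0.1", "integrity": "sha512-AAAA"},
    "node_modules/left-pad": {"version": "1.3.0", "integrity": "sha512-BBBB"},
    "node_modules/lodash": {"version": "4.17.21"},
    "node_modules/semver": {"version": "7.5.4", "integrity": "sha512-CCCC"},
    "node_modules/typescript": {"version": "5.4.5", "integrity": "sha512-DDDD"}
  }
}"""


def is_exact(spec: str) -> bool:
    """True if the spec pins exactly one version."""
    return bool(EXACT_RE.match(spec.strip()))


def audit(package_json: str, package_lock: str) -> list[dict]:
    """Return one finding per problem: floating range, missing lock entry,
    missing integrity hash, or pinned spec that drifted from the lockfile."""
    manifest = json.loads(package_json)
    packages = json.loads(package_lock).get("packages", {})
    findings = []
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        for name, spec in manifest.get(section, {}).items():
            if not is_exact(spec):
                # 'npm install' (as opposed to 'npm ci') may re-resolve this range
                # to the newest published version at build time.
                findings.append({"name": name, "issue": "floating range", "detail": spec})
            entry = packages.get(f"node_modules/{name}")
            if entry is None:
                findings.append({"name": name, "issue": "missing from lockfile", "detail": spec})
                continue
            if not entry.get("integrity"):
                # Without a hash the registry can serve different bytes for the
                # same version string and the install will not notice.
                findings.append({"name": name, "issue": "no integrity hash",
                                 "detail": entry.get("version", "?")})
            if is_exact(spec) and entry.get("version") != spec.strip():
                findings.append({"name": name, "issue": "lockfile drift",
                                 "detail": f"{spec} pinned, {entry.get('version')} locked"})
    return findings


if __name__ == "__main__":
    for f in audit(PACKAGE_JSON, PACKAGE_LOCK):
        print(f"{f['issue']:20} {f['name']:25} {f['detail']}")
```

Run it as a pre-install step and fail the job on any finding. The check is deliberately narrow: it does not inspect the package contents, so it complements rather than replaces installing with `npm ci --ignore-scripts` and granting the workflow token only the permissions the job needs, which limits what a stolen token can do if a malicious version still gets through.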
Reference: infosecurity-magazine.com