Grafana Labs: Mini Shai-Hulud npm Supply Chain Attack



Published: 2026-06-25



Grafana Labs has confirmed that a supply chain attack tied to the compromised TanStack npm ecosystem led to the cloning of its private GitHub repositories. The company disclosed the incident following an internal investigation completed on May 27, 2026, and an independent forensic review by Mandiant. Investigators found no evidence of code tampering, repository poisoning, or malicious modifications in publicly distributed software, and confirmed that customer production systems and the Grafana Cloud platform were not compromised. The intrusion is attributed to the "Mini Shai-Hulud" campaign.

What Happened

The attack began on May 11, 2026, when malicious code executed on Grafana's self-hosted GitHub runners, exposing sensitive credentials. Grafana initially rotated all credentials it believed were affected, but a single overlooked token left a window open. Several days later, the threat actor used that token to regain access. By May 14, the attackers had committed unauthorized changes and launched large-scale cloning of internal repositories. Data exfiltration followed, and on May 16 the attacker issued a ransom demand, threatening to leak the stolen codebase. Grafana declined to pay, citing law enforcement guidance that discourages ransomware payments. The company says it identified the full attack chain within 48 hours of confirming the breach.

What Was Taken

While most of Grafana's codebase is open source, the exfiltrated data included private repositories containing internal tooling, operational data, and limited business contact information such as professional email addresses. Grafana emphasized that none of this data came from production environments or customer systems. No user data was accessed or impacted. The stolen material is primarily of value for reconnaissance, not for direct compromise of Grafana customers, though leaked internal tooling and operational details could inform future targeting.

Why It Matters

This incident is a textbook illustration of how a single missed credential can undo an otherwise rapid rotation effort. The attacker did not need a novel exploit to return; they simply reused a token that escaped the first cleanup pass. For defenders, the lesson is that credential rotation is only as strong as its completeness, and that self-hosted CI/CD runners remain a high-value pivot point. The "Mini Shai-Hulud" campaign also underscores the growing weaponization of the open-source npm supply chain, where trusted packages like TanStack become delivery vehicles for credential theft deep inside engineering pipelines.

The Attack Technique

The initial foothold came through malicious code in the TanStack npm dependency chain, which ran on Grafana's self-hosted GitHub runners and harvested credentials present in that build environment. The key technique enabling persistence was incomplete credential rotation: one overlooked token survived the first response and allowed the actor to re-authenticate days later. With that access, the attacker committed unauthorized changes and performed bulk repository cloning before exfiltrating data and pivoting to extortion. The pattern reflects the broader Mini Shai-Hulud playbook of abusing CI/CD credential leakage rather than exploiting software vulnerabilities directly.

What Organizations Should Do

  1. Treat self-hosted CI/CD runners as high-value targets. Isolate them, limit the credentials available in build environments, and avoid exposing long-lived tokens to untrusted dependency code.
  2. When responding to a credential exposure, enumerate every token, key, and secret exhaustively before declaring rotation complete. A single missed credential reopens the breach.
  3. Pin and vet npm dependencies, including transitive ones. Monitor for unexpected install-time or build-time scripts and isolate package installation from privileged secrets.
  4. Reduce GitHub application permissions to the minimum required, audit installed apps regularly, and be prepared to suspend all integrations during an incident.
  5. Run cross-platform audits spanning your source control, secrets management, identity, and cloud environments (such as GitHub, Vault, Okta, Kubernetes, AWS, and GCP) to validate integrity and confirm containment.
  6. Scan repositories for indicators of compromise after any suspected credential leak, and revert unauthorized changes once the full attack chain is mapped.
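One way to make step 2 checkable rather than a matter of memory: inventory every secret the CI workflows reference and diff it against the rotation ledger, so a token that escaped the first cleanup pass (the gap the incident above turned on) is flagged before rotation is declared complete. This is an added example, not Grafana's or Mandiant's tooling; the workflow files, secret names and ledger contents are constructed for illustration.

```python
import re

# Constructed sample workflow files (hypothetical paths and contents).
WORKFLOWS = {
    ".github/workflows/build.yml": """
jobs:
  build:
    steps:
      - run: npm ci
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - run: ./deploy.sh
        env:
          GH_TOKEN: ${{ secrets.GH_DEPLOY_TOKEN }}
          VAULT_ADDR: ${{ vars.VAULT_ADDR }}
""",
    ".github/workflows/release.yml": """
jobs:
  publish:
    steps:
      - run: ./publish.sh
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
          AWS_KEY: ${{secrets.AWS_DEPLOY_KEY}}
""",
}

# Constructed rotation ledger: names the response team has already rotated.
ROTATED = {"NPM_TOKEN", "GH_DEPLOY_TOKEN"}
# GITHUB_TOKEN is minted per job and expires with it, so it needs no manual rotation.
EPHEMERAL = {"GITHUB_TOKEN"}
# Matches ${{ secrets.NAME }} with or without inner whitespace; ignores vars.*.
SECRET_REF = re.compile(r"\$\{\{\s*secrets\.([A-Za-z_][A-Za-z0-9_]*)\s*\}\}")

def referenced_secrets(workflows):
    """Map each long-lived secret name to the workflow files that use it."""
    refs = {}
    for path, text in workflows.items():
        for name in SECRET_REF.findall(text):
            if name not in EPHEMERAL:
                refs.setdefault(name, set()).add(path)
    return refs

def unrotated_secrets(workflows, rotated):
    """Secrets CI still depends on that are absent from the rotation ledger."""
    return {name: sorted(paths)
            for name, paths in referenced_secrets(workflows).items()
            if name not in rotated}
```

Secrets that live on the runner outside workflow files (runner service credentials, files on disk, environment set by the host) never appear in this inventory and need a separate enumeration; treating the workflow scan as the whole inventory is the same mistake the check is meant to catch.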

Sources: Grafana Confirms TanStack npm Supply Chain Attack Led to GitHub Repository Cloning