Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack

HackerLegend.com Threat Intelligence

Threat Overview

Data breach via TanStack supply chain attack: Grafana's codebase and data stolen, GitHub repositories accessed, impact on security and compliance

Grafana's codebase and other data were stolen via a supply chain attack that exploited a compromised token from the TanStack attack. The attackers accessed Grafana's GitHub repositories. This highlights the importance of rotating tokens and securing supply chains.

Key Intelligence Points

1. The attackers exploited a compromised token from the TanStack attack, which was not rotated, to access Grafana's GitHub repositories.
2. Grafana's codebase and other sensitive data were stolen, potentially compromising security and compliance.
3. The attack chain involved accessing Grafana's GitHub repositories, highlighting the importance of securing supply chains and monitoring for unauthorized access.
4. Detection opportunities include monitoring GitHub repository access and looking for unauthorized changes to the codebase and sensitive data.

MITRE ATT&CK Techniques

T1098.002: Exploited Public-Facing Application — supply chain attack

Indicators of Compromise (IOCs) / Affected Systems

TanStack attack token, Grafana GitHub repository access, unauthorized code changes

Mitigation & Detection

Rotate tokens and secure supply chains by monitoring GitHub repository access and implementing strict access controls.
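
As an added illustration of the monitoring described above (not code from Grafana, TanStack or the original report), the following Python example reviews repository read events for tokens that were never rotated, are used from an unexpected source address, or read many repositories in a short window. The field names (`action`, `hashed_token`, `actor_ip`, `repo`, `@timestamp`) are modelled on GitHub's audit log export; the token inventory, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone
UTC = timezone.utc
# Constructed inventory of issued tokens: hash -> creation time and expected source IPs.
INVENTORY = {
    "tokA": {"created": datetime(2025, 1, 10, tzinfo=UTC), "ips": {"198.51.100.7"}},
    "tokB": {"created": datetime(2025, 5, 20, tzinfo=UTC), "ips": {"198.51.100.7"}},
}

# Constructed audit events (field names modelled on GitHub's audit log export).
def ev(minute, token, ip, repo, action="git.clone"):
    ts = datetime(2025, 6, 1, 3, minute, tzinfo=UTC)
    return {"@timestamp": int(ts.timestamp() * 1000), "action": action,
            "hashed_token": token, "actor_ip": ip, "repo": repo}

EVENTS = [
    ev(0, "tokB", "198.51.100.7", "example-org/repo-a"),
    ev(1, "tokA", "203.0.113.50", "example-org/repo-a"),
    ev(2, "tokA", "203.0.113.50", "example-org/repo-b"),
    ev(3, "tokA", "203.0.113.50", "example-org/repo-c"),
    ev(4, "tokA", "203.0.113.50", "example-org/repo-d"),
]

def find_suspicious(events, inventory, max_age=timedelta(days=90),
                    bulk_repos=3, window=timedelta(minutes=10)):
    """Return {token: set(reasons)} for git read events that merit review."""
    findings = defaultdict(set)
    reads = defaultdict(list)  # token -> [(time, repo)] seen so far
    for e in sorted(events, key=lambda e: e["@timestamp"]):
        if e["action"] not in ("git.clone", "git.fetch"):
            continue  # only repository reads are relevant to code theft
        tok = e["hashed_token"]
        when = datetime.fromtimestamp(e["@timestamp"] / 1000, tz=UTC)
        meta = inventory.get(tok)
        if meta is None:
            findings[tok].add("unknown_token")       # not in our inventory
        else:
            if when - meta["created"] > max_age:
                findings[tok].add("not_rotated")     # older than rotation policy
            if e["actor_ip"] not in meta["ips"]:
                findings[tok].add("new_source_ip")   # outside expected egress
        reads[tok].append((when, e["repo"]))
        recent = {r for t, r in reads[tok] if when - t <= window}
        if len(recent) >= bulk_repos:
            findings[tok].add("bulk_repo_read")      # many repos, short window
    return dict(findings)

if __name__ == "__main__":
    print(find_suspicious(EVENTS, INVENTORY))
```

A token that trips `not_rotated` together with either of the other two reasons is the first candidate for revocation and review.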