Post-incident review for TanStack npm supply chain ransom incident
Blog post from Grafana Labs
In response to a supply chain ransom incident involving TanStack, Grafana Labs conducted an extensive investigation and remediation effort and confirmed that there was no unauthorized access to customer production systems and no alteration of its codebase. The incident, which began on May 11 with the Mini Shai-Hulud campaign, involved the cloning of repositories after an overlooked credential gave a bad actor access. Despite a ransom demand, Grafana Labs, adhering to its principles and FBI guidance, opted not to pay. The company engaged the cybersecurity firm Mandiant to conduct an independent audit, which corroborated Grafana's findings of no code tampering and no compromised customer systems. Following the incident, Grafana Labs implemented a robust security strategy, including global code freezes, comprehensive audits, and enhanced security operations, while maintaining transparency with its community. The company continues to improve its security posture by employing token brokers, fine-grained access controls, and more restrictive GitHub Actions, and has committed to ongoing efforts to strengthen its security infrastructure.
| Trend | Post Mentions | Total Month Mentions | Posts | Companies | MoM |
|---|---|---|---|---|---|
| Secrets Management | 3 | 2,063 | 322 | 117 | -4% |
| Kubernetes | 1 | 1,993 | 294 | 100 | +1% |