Grafana Labs Says Code Breach Stemmed from TanStack Attack


A popular developer of open source observability software has revealed that a recent data breach and extortion incident stemmed from the Mini Shai-Hulud campaign that compromised TanStack npm packages.

Grafana Labs, which makes the open source observability and visualization platform Grafana, said on May 17 that it had discovered that an attacker had downloaded its codebase after gaining unauthorized access to the firm’s GitHub environment.

In an update this week, the developer shared more about the incident, revealing that it first spotted the malicious activity on May 11 and tied it to the TanStack supply chain attacks.

TeamPCP threat actors compromised dozens of TanStack npm packages with credential-stealing malware targeting CI/CD environments including GitHub Actions.

Because Grafana’s CI/CD pipelines pulled in the newly published package versions automatically, the infostealer ran inside those pipelines and exfiltrated the GitHub workflow tokens available to them.
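The consumption path described above, as an added example that is not code from Grafana Labs, TanStack or the campaign analysis: a Node script that audits a project’s package.json, package-lock.json and .npmrc for the two conditions that let a freshly published version run inside CI, namely floating version ranges that pull a new release without a human bumping it, and install-time lifecycle scripts. It assumes the infostealer is triggered by an install hook (the trigger earlier Shai-Hulud waves used; the article does not state it), assumes `@tanstack/` as the scope under review, and uses constructed package names, versions and hashes. `hasInstallScript` is the field npm itself writes to the lockfile when a package declares preinstall, install or postinstall hooks.

```javascript
// Added example (not Grafana Labs', TanStack's or the campaign write-up's code):
// audit an npm project for the two properties that let a freshly published
// malicious version execute inside CI: floating version ranges that pull the
// new release automatically, and lifecycle scripts that run on install.
// Package names, versions and hashes below are constructed sample data.

const WATCHED_SCOPES = ["@tanstack/"]; // assumption: scopes under review after an incident

// A spec counts as pinned only if it is an exact version (optionally with a prerelease tag).
const EXACT_VERSION = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;

function isPinned(spec) {
  return EXACT_VERSION.test(String(spec).trim());
}

// Dependency specifiers in package.json that let a newer, unreviewed release
// be installed. With "^5.0.0", any 5.x published afterwards is fair game.
function floatingSpecs(pkg, watchedScopes = WATCHED_SCOPES) {
  const out = [];
  for (const field of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (!watchedScopes.some((s) => name.startsWith(s))) continue;
      if (!isPinned(spec)) out.push({ field, name, spec });
    }
  }
  return out;
}

// Walk a lockfileVersion 2/3 package-lock.json. Each key under "packages" is a
// node_modules path; the value records version, resolved tarball, integrity
// hash and, when the package declares install hooks, hasInstallScript: true.
function auditLockfile(lock, watchedScopes = WATCHED_SCOPES) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // root project entry
    const name = path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
    if (!watchedScopes.some((s) => name.startsWith(s))) continue;
    const issues = [];
    if (!entry.resolved) issues.push("no resolved URL");
    if (!entry.integrity) issues.push("no integrity hash");
    if (entry.hasInstallScript) issues.push("runs lifecycle script on install");
    findings.push({ name, version: entry.version, issues });
  }
  return findings;
}

// ignore-scripts=true in .npmrc stops lifecycle hooks from running during
// npm ci; build steps that genuinely need them can opt in explicitly.
function scriptsIgnored(npmrcText) {
  return npmrcText
    .split(/\r?\n/)
    .some((line) => /^\s*ignore-scripts\s*=\s*true\s*$/.test(line));
}

function auditProject({ pkg, lock, npmrc }, watchedScopes = WATCHED_SCOPES) {
  const floating = floatingSpecs(pkg, watchedScopes);
  const lockFindings = auditLockfile(lock, watchedScopes);
  const ignored = scriptsIgnored(npmrc);
  // A watched package with an install hook is a live CI risk only if hooks actually run.
  const scriptRisks = ignored
    ? []
    : lockFindings.filter((f) => f.issues.includes("runs lifecycle script on install"));
  return { floating, lockFindings, scriptsIgnored: ignored, scriptRisks };
}

// Constructed sample input standing in for a project's three files.
const SAMPLE = {
  pkg: {
    dependencies: {
      "@tanstack/sample-a": "^5.0.0", // floating: a later 5.x is pulled automatically
      "@tanstack/sample-b": "1.4.2",  // pinned
      react: "^18.0.0",               // outside the watched scope, ignored
    },
  },
  lock: {
    lockfileVersion: 3,
    packages: {
      "": { name: "demo-app" },
      "node_modules/@tanstack/sample-a": {
        version: "5.0.1",
        resolved: "https://registry.npmjs.org/@tanstack/sample-a/-/sample-a-5.0.1.tgz",
        integrity: "sha512-Y29uc3RydWN0ZWQtc2FtcGxlLWhhc2gtYQ==",
        hasInstallScript: true, // constructed: stands in for a version that declares postinstall
      },
      "node_modules/@tanstack/sample-b": {
        version: "1.4.2",
        resolved: "https://registry.npmjs.org/@tanstack/sample-b/-/sample-b-1.4.2.tgz",
        // integrity deliberately omitted to exercise that check
      },
      "node_modules/react": {
        version: "18.2.0",
        resolved: "https://registry.npmjs.org/react/-/react-18.2.0.tgz",
        integrity: "sha512-Y29uc3RydWN0ZWQtc2FtcGxlLWhhc2gtcmVhY3Q=",
      },
    },
  },
  npmrc: "registry=https://registry.npmjs.org/\n", // no ignore-scripts line
};

if (typeof require !== "undefined" && require.main === module) {
  console.log(JSON.stringify(auditProject(SAMPLE), null, 2));
}
```

In a real repository the three inputs come from `fs.readFileSync` of the project files; the audit deliberately does not try to identify malicious code, only to shrink the window in which an unreviewed release can execute and to list which watched packages need a human look. Pinning alone would not have helped a project that had already bumped to a malicious version, and a CI job still needs least-privilege `permissions:` on its workflow token, because a compromised package that runs at all can read whatever that token can.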

“We performed analysis and quickly rotated a significant number of GitHub workflow tokens, but a missed token led to the attackers gaining access to our GitHub repositories,” Grafana admitted. “A subsequent review confirmed that a specific GitHub workflow we originally deemed not impacted had, in fact, been compromised.”


“As soon as we were contacted by the ransom gang, we launched mitigation efforts, which have included rotating automation tokens, implementing enhanced monitoring, auditing all commits since the May 11 incident, and significantly hardening our GitHub security posture,” Grafana continued.

Grafana Labs also shared that additional “internal operational information and other details” were taken by TeamPCP from its GitHub repositories, alongside the firm’s codebase.

“This includes business contact names and email addresses that would be exchanged in a professional relationship context, not information pulled from or processed through the use of production systems or the Grafana Cloud platform,” it said.

It reiterated that, at this stage, there’s no indication that customer production systems or operations have been compromised. 

The Ongoing Threat from Mini Shai-Hulud

The incident is just one example of the long tail of downstream victims emerging from this particular Mini Shai-Hulud campaign.

TanStack said the threat actors published 84 malicious versions across 42 @tanstack/* packages on May 11. The infostealer harvested not only GitHub Actions tokens but also credentials for GitLab, CircleCI, AWS, Google Cloud Platform, Azure, Kubernetes, HashiCorp Vault and package registries. Any of those credentials present in a pipeline that installed an affected version should be treated as exposed and rotated; as Grafana’s experience shows, a single token left out of the rotation is enough for the attacker to return.

The campaign didn’t just impact TanStack users. TeamPCP also broadened its reach to compromise OpenSearch npm versions, PyPI mistralai 2.4.6, PyPI guardrails-ai 0.10.1 and further @squawk packages.

This Mini Shai-Hulud campaign was particularly dangerous because TeamPCP compromised TanStack’s own CI/CD pipeline, so the malicious versions were published through the project’s legitimate release process and carried valid signatures and provenance. Controls that trust a package because it is signed, or because its provenance points at the maintainer’s pipeline, would therefore not have flagged them; catching them required checks that do not depend on publisher identity, such as pinning exact versions, blocking install-time scripts in CI, or inspecting what the package actually does when installed.
