SlowMist: Grafana is suspected to have been attacked, and the attacker may have stolen the private key and implanted malicious code
According to a security alert published by SlowMist's chief information security officer, @im23pds, the open-source data visualization tool Grafana appears to have been attacked. The attacker used Gato-X to steal signing keys and infiltrated multiple code repositories by abusing application tokens. Preliminary analysis suggests that the attacker might have injected JavaScript code by forging malicious branch names in order to steal sensitive information; the attacker's objectives included generating high-privilege GitHub tokens using tibdex/github-app-token, tampering with the grafana/grafana repository, and implanting a covert backdoor. SlowMist warns users to remain vigilant.