ctipilot.ch

Grafana Labs GitHub token breach — CoinbaseCartel Pwn-Request exfiltrates private codebase

incident · incident:grafana-coinbasecartel-github-breach-2026-05

  • Coverage timeline: 1 (first 2026-05-18 → last 2026-05-18)
  • Briefs: 1 (1 distinct)
  • Sources cited: 6 (5 hosts)
  • Sections touched: 1 (weekly_summary)
  • Co-occurring entities: 6 (see Related entities below)

Story timeline

  1. 2026-05-18: CTI Weekly Summary — 2026-W21 (Mon 18 – Sun 24, 2026)
     weekly_summary: Consolidated in weekly summary for week 2026-W21

Where this entity is cited

  • weekly_summary: 1

Source distribution

  • socket.dev: 2 (33%)
  • bleepingcomputer.com: 1 (17%)
  • securityweek.com: 1 (17%)
  • thehackernews.com: 1 (17%)
  • theregister.com: 1 (17%)

Related entities

Items in briefs about Grafana Labs GitHub token breach — CoinbaseCartel Pwn-Request exfiltrates private codebase (2)

UPDATE: Grafana Labs CoinbaseCartel breach — victim confirms source-code-only theft, no customer data, ransom rejected

From CTI Daily Brief — 2026-05-19 · published 2026-05-19

UPDATE (originally covered 2026-W21): Grafana Labs issued an official 2026-05-18 confirmation of the GitHub Pwn-Request breach previously reported in the 2026-W21 weekly summary (SecurityWeek, 2026-05-18; BleepingComputer, 2026-05-18; The Register, 2026-05-18). The material new disclosures in the 2026-05-18 confirmation: Grafana explicitly states (a) only source code was accessed — "no personal or customer information was stolen"; (b) the incident has not impacted customer systems or operations; (c) the ransom was refused. The technical-mechanism details (pull_request_target workflow misconfiguration, forked-PR injection of a curl command, harvested write-scoped GitHub token, canary-token detection) were previously reported in the 2026-W21 weekly summary citing THN's earlier coverage (The Hacker News, 2026-05-17); they are repeated here as context for defenders who did not catch the weekly. CoinbaseCartel is assessed by THN as an offshoot of the ShinyHunters / Scattered Spider / LAPSUS$ ecosystem and has accumulated ~170 victims since September 2025.

Defender takeaway: Grafana OSS is the de facto monitoring/observability platform in EU/CH public-sector SOC and NOC environments; defenders should monitor non-official Grafana plugin updates and unsigned Grafana agent builds for the next 30 days as a potential supply-chain trojanisation follow-on. The Pwn-Request attack pattern is the same class of CI/CD misconfiguration covered by SentinelOne's Living off the Pipeline taxonomy (referenced 2026-05-16); audit every pull_request_target workflow to ensure no privileged steps run on untrusted-fork code, set permissions: read-all at workflow level and elevate only as needed, and separate privilege-requiring steps into a second workflow_run workflow gated on merged code. MITRE T1195.002 / T1552.004 / T1567.

Grafana Labs / CoinbaseCartel — Pwn-Request GitHub Actions breach; private codebase exfiltrated; ransom rejected

From CTI Weekly Summary — 2026-W21 (Mon 18 – Sun 24, 2026) · published 2026-05-18

On 2026-05-16, Grafana Labs disclosed that CoinbaseCartel — a data-extortion group active since September 2025, focusing exclusively on theft without encryption — exploited a pull_request_target GitHub Actions workflow misconfiguration ("Pwn Request") to exfiltrate a privileged GitHub token and clone the private codebase. The attack vector: fork a public repository, inject curl into the pull_request_target workflow to dump environment variables to an encrypted file, delete the fork to erase evidence. Grafana detected the exfiltration via a triggered canary token embedded in the private code (not from automated secrets-scanning). Ransom was demanded and rejected. Grafana confirmed no customer data, production systems, or running infrastructure was accessed — the exposure was private source code. The canary-token detection is an instructive model; the pull_request_target vulnerability class is the same pattern documented in tj-actions/changed-files (SLSA gap).

Hunt for this in your own GitHub organisation: audit logs for pull_request_target workflow runs where head_repository.owner differs from the base repository owner.
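The two checks above (the workflow audit from the Daily Brief takeaway and the workflow-run hunt from this item) in working form, as an added example that is not part of the brief and not Grafana Labs' or GitHub's own tooling. The workflow texts, organisation name `example-org`, user names and run records are constructed; the run records follow the shape of the `workflow_runs` objects returned by the GitHub Actions runs API, and a deleted fork is assumed to surface as `head_repository: null`.

```python
"""Offline checks for Pwn-Request exposure in a GitHub organisation.

1. audit_workflow(): flag a workflow that triggers on pull_request_target and
   checks out the PR head (untrusted fork code) or lacks a workflow-level
   permissions block.
2. hunt_runs(): flag pull_request_target runs whose head_repository owner
   differs from the base repository owner (the hunt from the weekly item).
"""
import re

# Constructed weak workflow: privileged trigger plus checkout of the PR head.
WEAK_WORKFLOW = """\
name: ci
on: [pull_request_target]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm ci && npm test
"""

# Constructed hardened workflow: unprivileged trigger, read-only token at
# workflow level. A step that needs write access belongs in a separate
# workflow_run workflow that only runs on merged code.
HARDENED_WORKFLOW = """\
name: ci
on: [pull_request]
permissions: read-all
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm test
"""


def audit_workflow(text):
    """Return a list of findings for one workflow file (empty means clean)."""
    findings = []
    if not re.search(r"\bpull_request_target\b", text):
        return findings  # unprivileged trigger: fork code never sees secrets
    # Checking out the PR head under pull_request_target runs fork-controlled
    # code with base-repository secrets and token: the Pwn-Request pattern.
    if re.search(r"github\.event\.pull_request\.head\.(sha|ref)", text):
        findings.append("checks out PR head under pull_request_target")
    # Without a workflow-level permissions block the default token scope applies.
    if not re.search(r"^permissions:", text, re.MULTILINE):
        findings.append("no workflow-level permissions block")
    return findings


# Constructed run records (subset of fields from GET .../actions/runs).
SAMPLE_RUNS = [
    {"id": 101, "event": "pull_request_target", "head_branch": "feature-a",
     "repository": {"owner": {"login": "example-org"}},
     "head_repository": {"owner": {"login": "example-org"}}},
    {"id": 102, "event": "pull_request_target", "head_branch": "fix-typo",
     "repository": {"owner": {"login": "example-org"}},
     "head_repository": {"owner": {"login": "outside-user"}}},
    {"id": 103, "event": "pull_request", "head_branch": "feature-b",
     "repository": {"owner": {"login": "example-org"}},
     "head_repository": {"owner": {"login": "outside-user"}}},
    # Assumption: a fork deleted after the run leaves head_repository null.
    {"id": 104, "event": "pull_request_target", "head_branch": "update-deps",
     "repository": {"owner": {"login": "example-org"}},
     "head_repository": None},
]


def hunt_runs(runs):
    """Return pull_request_target runs whose head repo owner is not the base owner."""
    suspicious = []
    for run in runs:
        if run.get("event") != "pull_request_target":
            continue
        base_owner = run["repository"]["owner"]["login"]
        head = run.get("head_repository")
        head_owner = head["owner"]["login"] if head else None
        if head_owner != base_owner:
            suspicious.append({
                "id": run["id"],
                "head_branch": run.get("head_branch"),
                "head_owner": head_owner,
                "reason": "fork deleted" if head is None else "external fork",
            })
    return suspicious


if __name__ == "__main__":
    for name, wf in (("weak", WEAK_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(name, audit_workflow(wf) or "clean")
    for hit in hunt_runs(SAMPLE_RUNS):
        print("review run", hit["id"], hit["reason"], hit["head_owner"])
```

Run 104 is the case the weekly item describes: the fork is gone, so the owner comparison cannot succeed and the run should be reviewed rather than silently skipped. Feeding the real API response into `hunt_runs` is a matter of paginating `GET /repos/{owner}/{repo}/actions/runs` and passing the `workflow_runs` list.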