PANews reported on April 27 that 23pds, chief information security officer at SlowMist Technology, posted on X that the open source data visualization tool Grafana was recently the suspected target of an attack. The attacker reportedly used Gato-X to steal secrets and used App tokens to attack multiple repositories; the workflow in question has access to a potentially related application private key. The suspected attacker used a carefully crafted branch name to inject JavaScript code and exfiltrate secrets. The real purpose of the attacker's commits appears to have been: 1. generate a high-privilege GitHub token through tibdex/github-app-token; 2. use that token to manipulate the code, branches and even the release process of the grafana/grafana repository; 3. later push hidden backdoor code or tamper with certain release packages.
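The technique described above, a branch name carried into a workflow step through a GitHub Actions expression, is the classic "script injection" pattern: any `${{ ... }}` that references attacker-influenced event data (branch names, PR titles, commit messages) and is expanded directly inside a `run:` script is interpolated into the shell before the script runs. The defensive fix is to pass such values through `env:` so the shell sees an ordinary variable. The following Python scanner is an added example written for this page; it is not code from SlowMist, Grafana or PANews, and the workflow it checks is a constructed sample, not the affected Grafana workflow. It finds untrusted expressions inside `run:` scripts without needing a YAML library:

```python
import re

# GitHub Actions contexts that an external contributor can influence directly.
# Expanding any of these inside a `run:` script is a script-injection risk.
UNTRUSTED_CONTEXTS = (
    "github.head_ref",
    "github.event.pull_request.head.ref",
    "github.event.pull_request.head.label",
    "github.event.pull_request.title",
    "github.event.pull_request.body",
    "github.event.issue.title",
    "github.event.issue.body",
    "github.event.comment.body",
    "github.event.review.body",
    "github.event.review_comment.body",
    "github.event.head_commit.message",
    "github.event.commits",
    "github.event.workflow_run.head_branch",
    "github.event.workflow_run.head_commit.message",
)

EXPR_RE = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")          # ${{ expression }}
RUN_RE = re.compile(r"^(\s*)(?:-\s+)?run:\s*(.*)$")     # "run: ..." or "- run: ..."


def _indent(line):
    return len(line) - len(line.lstrip(" "))


def run_script_lines(workflow_text):
    """Yield (line_no, text) for every line that belongs to a `run:` script.

    Handles both inline scripts (`run: echo hi`) and block scalars (`run: |`),
    where the script is every following line indented deeper than the key.
    """
    lines = workflow_text.splitlines()
    i = 0
    while i < len(lines):
        m = RUN_RE.match(lines[i])
        if not m:
            i += 1
            continue
        key_indent = lines[i].index("run:")  # column of the key itself
        value = m.group(2)
        if value and not value.startswith(("|", ">")):
            yield i + 1, value               # single-line script
            i += 1
            continue
        i += 1                               # block scalar: collect the body
        while i < len(lines) and (not lines[i].strip() or _indent(lines[i]) > key_indent):
            if lines[i].strip():
                yield i + 1, lines[i]
            i += 1


def scan_workflow(workflow_text):
    """Return [(line_no, expression)] for untrusted expressions expanded in run scripts."""
    findings = []
    for line_no, text in run_script_lines(workflow_text):
        for expr in EXPR_RE.findall(text):
            if any(ctx in expr for ctx in UNTRUSTED_CONTEXTS):
                findings.append((line_no, expr))
    return findings


# Constructed sample workflow (not the real Grafana workflow): two vulnerable
# steps and one hardened step that routes the same value through `env:`.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: vulnerable, the branch name is interpolated into the shell command
        run: echo "Building ${{ github.head_ref }}"
      - name: also vulnerable, multi-line block scalar
        run: |
          TITLE="${{ github.event.pull_request.title }}"
          echo "$TITLE"
      - name: hardened, the value is passed through an environment variable
        env:
          BRANCH: ${{ github.head_ref }}
        run: echo "Building $BRANCH"
"""

if __name__ == "__main__":
    for line_no, expr in scan_workflow(SAMPLE_WORKFLOW):
        print(f"line {line_no}: untrusted expression in run script: {expr}")
```

Run against the sample it reports lines 9 and 12 and stays silent on the hardened step, because `BRANCH: ${{ github.head_ref }}` sits under `env:` rather than in a `run:` script; the shell then receives the branch name as data, not as code. Pair the scan with least-privilege `permissions:` on the workflow and a narrowly scoped GitHub App, so that a token minted by an action such as tibdex/github-app-token cannot reach branches or releases even if a step is compromised.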