Coordinated Grafana Exploitation Attempts on 28 September
ATT&CK techniques detected
T1190Exploit Public-Facing Application
65%
"coordinated grafana exploitation attempts on 28 september for executive audiences, please see the accompanying situation report ( sitrep ) for this activity. on 28 september 2025, greynoise observed a sharp one - day surge of exploitation attempts targeting cve - 2021 - 43798 — a…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1588.006Vulnerabilities
32%
"two ips geolocated to china are worth highlighting : - 60. 186. 152. 35 - 122. 231. 163. 197 both belong to chinanet - backbone, were first observed on 28 september, active only that day, and overwhelmingly focused on grafana. threat context exploitation of older, high - impact v…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
GreyNoise observed a sharp one-day surge of exploitation attempts targeting CVE-2021-43798 — a Grafana path traversal vulnerability that enables arbitrary file reads. All observed IPs are classified as malicious.