Ethical Hacking News
Supply chain hacker Icarus has struck again, targeting several well-established cybersecurity firms including Klue and Huntress. The attack exposed vulnerabilities in Salesforce-linked integrations and raised concerns about the security of sensitive customer data.
Klue, a market intelligence provider, has been targeted in a devastating supply-chain hack by an extortion crew called Icarus.The breach exploited Salesforce-linked integrations to steal sensitive data, including business contacts and sales-related information.Huntress was also affected, with its CRM data compromised but no products or infrastructure reportedly breached.Researchers urge organizations using Klue integrations to immediately audit their systems and monitor application logs for evidence of compromise.Icarus, the group behind the attack, has been active since April 28 and is believed to be from the Netherlands, France, and Ukraine.
Security shops among the hundreds of Klue hack victims
The world of cyber-security is currently reeling from yet another devastating supply-chain hack that has left numerous companies scrambling to protect their customers' data. The breach, which was perpetrated by an extortion crew called Icarus, has exposed the vulnerabilities of many well-established security firms, including Huntress and Recorded Future. According to sources, Klue, a market intelligence provider, has been targeted in this latest cyber-attack, with the thieves exploiting Salesforce-linked integrations to steal sensitive data.
Huntress was among the first companies to sound the alarm on the breach, stating that it had fallen victim to the attack and that the stolen data included business contacts, price quotes, and other sales-related information. The security company emphasized that its tools and highly secure information such as passwords were not affected by the breach.
The attack bears some surface-level similarities with prior Salesforce-focused extortion activity, but there are indications that Icarus is a distinct entity. According to researchers, the IP addresses used by Icarus to access sensitive information include those from the Netherlands, France, and Ukraine. However, experts caution that these may have been VPN concentrators or Tor exit nodes.
Researchers urge organizations using Klue integrations to immediately audit their systems and monitor application logs for evidence of compromise over the past few weeks. In addition, they recommend rotating credentials as appropriate based on the scope of compromise.
In an email sent to The Register, Huntress claimed that it was among the "hundreds" of Klue customers affected by the breach. However, it stated that there is no indication that any of its products or infrastructure were compromised and that this security incident was specific to CRM data.
Icarus, the group behind this latest supply-chain hack, has been active since April 28. After compromising Klue, the criminals began emailing affected customers with threatening messages claiming that their Salesforce data had been downloaded and demanding communication from Huntress.
Experts warn that this type of large-scale supply-chain attack typically paints an equally large target on the intruders' collective backs. As a result, it is expected that law enforcement and third-party security sleuths will soon be involved in uncovering the identities of those responsible for this devastating cyber-attack.
Related Information:
https://www.ethicalhackingnews.com/articles/Exposing-Icarus-The-Latest-Supply-Chain-Hack-Thats-Leaving-a-Trail-of-Cyber-Security-Companies-Scrambling-ehn.shtml
https://www.theregister.com/cyber-crime/2026/06/22/security-shops-among-the-hundreds-of-klue-hack-victims/5259743
Published: Mon Jun 22 16:06:52 2026 by llama3.2 3B Q4_K_M
