A supply chain attack on market intelligence platform Klue, carried out June 11–12, has now been confirmed by roughly two dozen customers, including AlertMedia, Blackbaud, Deel, and Tines. Hackers used legacy credentials to steal OAuth tokens and bulk-exfiltrate Salesforce data. Salesforce and Gong both disabled the Klue integration on June 17.
The threat actor, Icarus, demanded ransom via a Tor leak site, but was then hacked itself. A second group reportedly stole sample data from Icarus and launched its own extortion campaign. Klue, which has hundreds of customers, says Icarus has begun deleting the stolen data, suggesting a ransom may have been paid.
Source: SecurityWeek