Cybersecurity Firms Hit by Klue Supply Chain Attack Tied to Extortion Group Icarus
Hackers hit Klue, impacting Huntress and Recorded Future, stealing CRM data but no sensitive intel. Linked to Icarus extortion group.
By
Content Team
ON THIS PAGE
Want more insights like this?
Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.
By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.
A supply chain attack on market intelligence platform Klue has hit cybersecurity firms Huntress and Recorded Future, among others. Starting June 11, hackers accessed Klue's backend servers and harvested OAuth tokens, then abused the Salesforce REST API to pull large volumes of CRM data — including nearly 1,000 queries in just 15 minutes.
Stolen data from both firms includes business contacts, price quotes, and contract information. No threat intelligence, passwords, or payment data was compromised. Huntress has linked the attack to Icarus, an extortion group that emerged in April 2026, after receiving direct extortion messages from a threat actor identifying as "mr bean."
Source: SecurityWeek
Have questions about protecting your software?
Our escrow experts are standing by to help.
Book a free demo