Unnamed hackers steal stolen data from Icarus hackers responsible for Klue supply chain hack — and yes, it's as confusing as it sounds


  • Klue recently suffered a cyber attack at the hands of Icarus
  • Icarus was apparently deleting the stolen customer data
  • An unnamed group claims to have stolen the data from Icarus, and is now extorting Klue customers directly

Earlier this month, market research provider Klue suffered a cyberattack with the knock-on effects hitting major companies such as LastPass, Gong, Jamf, HackerOne, Huntress and others.

Klue has since revealed it is in contact with the Icarus ransomware group, which claims to have been in possession of the stolen data and was threatening to leak it in an attempt to extort the company.

But a second, unnamed group has emerged, which claims to have broken into a member of the Icarus group’s environment to steal the customer data stolen by Icarus from Klue. This second group is now apparently attempting to extort Klue customers directly, much to the annoyance of Icarus.


Hackers hacked by hackers

An update shared privately with Klue customers on Wednesday night and seen by TechCrunch said, “We continue to communicate with the threat actor we have been in contact with (‘Icarus’). Icarus told us they are taking steps to delete the data taken from Klue customers. The Icarus site remains down and we have indications that Icarus is indeed taking steps to delete data taken from Klue customers.”

Icarus later informed Klue that the second group was attempting to extort Klue customers using the same data, having posted a list of affected companies on its own website. Alongside this list, the second group also claimed to have stolen the customer data from Icarus, after a member of the Icarus group accidentally allowed it to connect to the server hosting the stolen data.

Although there is no evidence that Klue has paid the Icarus group, the unnamed group also posted a statement that an “Icarus operator who is a teenager living somewhere in the UK or adjacent countries” had been paid by Klue to delete the stolen data.

A further communique issued by Klue to its customers said that it had been reassured by Icarus that the unnamed group only had samples of the stolen data, not the full set. It also said that, “Icarus has asked us to inform Klue customers to not make payment to this other party.”

Klue also suggested that its customers should ask the second group for random samples of their data to prove whether or not they actually had obtained the full set of stolen customer data.




Benedict Collins
Senior Writer, Security
