- Klue recently suffered a cyberattack at the hands of Icarus
- Icarus was apparently deleting stolen customer data.
- An anonymous group claims to have stolen Icarus data and is now directly extorting Klue customers.
Earlier this month, market research provider Klue suffered a cyberattack that impacted major companies such as LastPass, Gong, Jamf, HackerOne, Huntress and others.
Klue has since revealed that it is in contact with the Icarus ransomware group, which claims to have been in possession of stolen data and was threatening to leak it in an attempt to extort money from the company.
But a second, anonymous group has emerged that claims to have broken into the environment of a member of the Icarus group to steal customer data stolen by Icarus from Klue. Apparently, this second group is now attempting to extort Klue’s clients directly, much to Icarus’ chagrin.
Hackers hacked by hackers
An update shared privately with Klue customers Wednesday night and seen by TechCrunch said: “We continue to communicate with the threat actor we have been in contact with (‘Icarus’). Icarus told us that they are taking steps to delete data taken from Klue customers. The Icarus site remains down and we have indications that Icarus is indeed taking steps to delete data taken from Klue customers.”
Icarus later informed Klue that the second group was attempting to extort Klue clients using the same data, having published a list of affected companies on its own website. In addition to this list, they also claimed to have stolen Icarus customer data, after one of the members of the Icarus group accidentally allowed the group to connect to the server hosting the stolen data.
Although there is no evidence that Klue paid the Icarus group, the anonymous group also published a statement that Klue had paid an “Icarus operator who is a teenager living somewhere in the United Kingdom or adjacent countries” to delete the stolen data.
Another statement issued by Klue to its clients said that Icarus had assured it that the anonymous group only had samples of the stolen data, not the entire set. It also said that “Icarus has asked us to inform Klue customers not to make payments to this other party.”
Klue also suggested that his clients should ask the second group for random samples of their data to demonstrate whether or not they had actually obtained the full set of stolen client data.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
