A supply chain attack on the market intelligence platform Klue impacted at least nine organizations, primarily cybersecurity firms, due to compromised credentials leading to unauthorized access to Salesforce integrations. Data exfiltrated included sensitive business information from Salesforce instances belonging to affected companies, including user names, titles, and email addresses. Klue has since revoked the compromised credentials and launched an investigation with CrowdStrike and law enforcement.
The threat actor, identified as Icarus, claimed responsibility for the attack and threatened to release stolen data unless negotiations occur by June 22.