Icarus

Also known as: mr bean
Reports: 18
First seen: Jun 16
Last seen: Jun 25
Motivation: extortion, financial

Targeting

Sectors: technology ×5, other ×1, financial services ×1
Victim regions: United States ×4

Top ATT&CK techniques

T1005 Data from Local System ×4
T1195 Supply Chain Compromise ×4
T1041 Exfiltration Over C2 Channel ×3
T1078 Valid Accounts ×3
T1567.002 Exfiltration Over Web Service: Exfiltration to Cloud Storage ×3
T1528 Steal Application Access Token ×3
T1566 Phishing ×3
T1526 Padding ×2
T1059 Command and Scripting Interpreter ×2
T1550.001 Use Alternate Authentication Material: Application Access Token ×2
T1087 Account Discovery ×2
T1592 Gather Victim Org Information ×1

Indicators

domain ×27, cve ×9, ip_v4 ×8, email ×1

Indicator values are available on Pro and via the API.

Associated CVEs

Recent reports

[High] ThreatsDay Bulletin: Smart TV Proxyware, curl Vulnerabilities, API Platform Flaws, and Ransomware Trends (The Hacker News)
[High] LastPass confirms data breach in Klue supply chain attack (Bleeping Computer)
[High] Icarus ransomware gang claims new victim (ransomware.live)
[Medium] Icarus ransomware gang publishes new victim (ransomware.live)
[Medium] Icarus ransomware gang publishes new victim (ransomware.live)
[High] Icarus ransomware claims Huntress as new victim (ransomware.live)
[Medium] Icarus ransomware gang claims HDS (Hdscorp) victim (ransomware.live)
[Medium] Icarus ransomware claims new victim: Gms-net (ransomware.live)
[Medium] Icarus ransomware group claims new victim: Cqcrm (ransomware.live)
[High] Icarus ransomware gang claims Cbassociations victim (ransomware.live)
[High] Check Point Threat Intelligence Report – 22 June 2026 (Check Point Research)
[High] Icarus ransomware publishes victim extortion notice (ransomware.live)
[High] Klue OAuth breach victim list grows as Icarus hackers claim attack (Bleeping Computer)
[High] Icarus ransomware claims Klue.com victim (ransomware.live)
[High] Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data (The Hacker News)
[High] Klue OAuth breach linked to 'Icarus' Salesforce data theft attacks (Bleeping Computer)
[High] Klue Supply Chain Breach Exposes CRM Data at Huntress and 200+ Companies (Huntress Blog)
[Critical] Icarus ransomware publishes TheCreditPros breach: 263MB of PII and payment card data (ransomware.live)

This page shows data on a 7-day delay.