A threat group calling itself Icarus has claimed responsibility for a SaaS supply chain attack that extracted CRM data from Salesforce environments belonging to customers of Klue, a competitive intelligence software company, using OAuth tokens stolen through a compromised legacy integration credential. Salesforce disabled the Klue integration on June 11, 2026, after detecting unusual activity. By June 19, Icarus had listed Klue on its leak site and issued extortion demands to at least one affected organisation.
The incident expands a class of attack that previously hit Salesloft Drift and Gainsight integrations with Salesforce: gain persistent access to a third-party SaaS vendor’s integration layer, steal OAuth tokens that connect that vendor to customer environments, and query downstream CRM data at volume without triggering standard authentication controls.
How the Attack Unfolded
Klue’s post-incident account identifies the entry point as a dormant integration service account, originally created for a prototype third-party integration the company later abandoned. The credential remained active. Icarus obtained it — the specific acquisition method has not been disclosed — and used it to push a code update to Klue’s integration infrastructure that harvested OAuth tokens from connected customer Salesforce instances.
From that point, the attack operated as an authorised Salesforce integration. ReliaQuest’s analysis found that the attacker’s automated Python scripts — identifiable by Python-urllib user-agent strings — enumerated each connected organisation’s object catalogue via the Salesforce REST API, then executed looped queries using the QueryMore cursor for data extraction windows exceeding 24 hours in some environments. In at least one case, a burst of nearly a thousand API queries ran within 15 minutes.
The data extracted centred on Salesforce CRM records: business contacts, price quotes, deal pipeline data, and sales communications. Huntress, a cybersecurity vendor, confirmed it was among those affected and stated that no threat data, passwords, payment information, or engineering telemetry was accessed from its Salesforce environment. The full scope across Klue’s customer base has not been disclosed.
On June 16, some Huntress employees received extortion emails with the subject line “top secret email” containing a 48-hour deadline and a demand to contact Icarus via Session, a privacy-focused messaging application. Klue was formally listed on Icarus’s leak site on June 19.
Threat Actor Assessment
Icarus is a newly active group; its leak site dates its first activity to April 28, 2026. It has claimed two victims to date. Its tactics — legacy credential abuse, OAuth token pivoting, REST API data exfiltration, and platform-agnostic extortion via encrypted messaging — closely mirror the playbook associated with ShinyHunters and UNC6395. Huntress has stated that available indicators do not suggest current connections between Icarus and those prior groups, but the operational similarity warrants monitoring.
The attack does not appear to exploit any vulnerability in Salesforce itself. Salesforce has characterised the issue as limited to Klue’s integration connection. The attack surface is entirely within Klue’s integration credential management and the non-human identity governance of customer Salesforce environments.
Why This Model Is Scaling
The structural condition that enabled this attack exists across a large fraction of enterprise SaaS estates. Integration accounts — credentials held by third-party SaaS tools to access platform data on behalf of customers — are typically provisioned with broad access and monitored less carefully than employee identities. Service account sprawl is an established problem; what this incident illustrates is the specific risk of OAuth tokens held by third parties, which grant access that appears as the vendor rather than an individual user.
When Icarus queried Salesforce through Klue’s stolen tokens, Salesforce saw Klue making authenticated requests. Standard login monitoring, which flags unusual locations, impossible travel, or credential deviations, would not flag traffic from an identity that always originates from Klue’s infrastructure. That is why the 24-hour automated query loop ran undetected.
ReliaQuest notes that this pattern — compromising one SaaS vendor to gain access to hundreds of enterprise environments via trusted integrations — has become a defined attack category. A single supply chain vendor with deep CRM, ERP, or collaboration platform integrations represents a concentrated access inventory. Targeting that vendor bypasses the security controls that direct enterprise attacks must defeat.
Recommended Actions
Audit all active OAuth integrations in Salesforce and other CRM platforms. Review connected applications, identify non-human identities with data access, verify each integration still corresponds to an active vendor relationship, and revoke tokens for integrations that have been abandoned, changed, or deprecated.
Apply the principle of least privilege to integration credentials. Integration service accounts should hold the minimum scope required for their stated function. Accounts created for prototyping should be deprovisioned at the end of the prototyping phase, not left active.
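The two recommendations above (audit every connected integration, then cut each one back to the scope it actually needs) can be turned into a repeatable check. The Python script below is an added example written for this article; it is not code from Klue, Salesforce or any of the vendors named here. It walks a constructed inventory of connected-app tokens against a constructed vendor registry and decides, per token, whether to keep it, reduce its scope, or revoke it. The record shape, app names, user names, the 90-day staleness threshold and the vendor registry are all assumptions; the scope names "api", "full" and "refresh_token" are real Salesforce OAuth scope names, but which scopes a given integration needs is something only the contract with that vendor can tell you.

```python
from datetime import datetime, timedelta

STALE_AFTER = timedelta(days=90)      # assumed policy threshold for tokens nobody has used
AUDIT_DATE = datetime(2026, 6, 20)    # constructed "now" so the run is reproducible

# Constructed vendor registry (assumption): which connected apps still correspond to an
# active vendor relationship, and which OAuth scopes that relationship actually requires.
VENDOR_REGISTRY = {
    "Klue Connector": {"active": True, "required_scopes": {"api"}},
    "Marketing Sync": {"active": False, "required_scopes": {"api"}},
}


def audit_tokens(tokens, registry, now):
    """Return one finding per token with an action of keep, reduce_scope or revoke."""
    findings = []
    for tok in tokens:
        reasons = []
        revoke = False

        # Does this app still map to a vendor we actually do business with?
        entry = registry.get(tok["app_name"])
        if entry is None:
            reasons.append("no vendor record for this app")
            revoke = True
        elif not entry["active"]:
            reasons.append("vendor relationship has ended")
            revoke = True

        # A token that has not been used in months is an abandoned credential.
        last_used = tok.get("last_used")
        if last_used is None or now - last_used > STALE_AFTER:
            reasons.append("token unused for more than %d days" % STALE_AFTER.days)
            revoke = True

        # Least privilege: anything granted beyond the documented need is excess.
        granted = set(tok["scopes"])
        allowed = entry["required_scopes"] if entry else set()
        excess = granted - allowed
        if excess:
            reasons.append("scopes beyond the documented need: " + ", ".join(sorted(excess)))

        action = "revoke" if revoke else ("reduce_scope" if excess else "keep")
        findings.append({"app": tok["app_name"], "user": tok["user"],
                         "action": action, "reasons": reasons})
    return findings


def sample_tokens(now):
    """Constructed token inventory, shaped loosely like connected-app token records."""
    return [
        {"app_name": "Klue Connector", "user": "integration.klue",
         "scopes": ["api"], "last_used": now - timedelta(days=2)},
        {"app_name": "Klue Connector", "user": "integration.klue.bulk",
         "scopes": ["api", "full"], "last_used": now - timedelta(days=1)},
        {"app_name": "Prototype Integration (legacy)", "user": "svc.prototype",
         "scopes": ["full", "refresh_token"], "last_used": now - timedelta(days=400)},
        {"app_name": "Marketing Sync", "user": "integration.mktg",
         "scopes": ["api"], "last_used": now - timedelta(days=10)},
    ]


if __name__ == "__main__":
    for f in audit_tokens(sample_tokens(AUDIT_DATE), VENDOR_REGISTRY, AUDIT_DATE):
        print(f"{f['action']:13} {f['app']:32} {f['user']:24} {'; '.join(f['reasons'])}")
```

The abandoned prototype token in the sample trips all three checks at once, which is exactly the profile Klue's post-incident account gives for the credential Icarus obtained: no owning vendor, long unused, and holding far more scope than any prototype needed.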
Implement API monitoring for integration traffic patterns. Burst activity, extended query windows, and systematic object enumeration from integration accounts are detectable with API activity logging. Thresholds that trigger review for bulk extraction patterns should not exempt integration accounts from scrutiny.
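The patterns ReliaQuest describes (bursts of nearly a thousand queries in 15 minutes, extraction windows running past 24 hours, systematic object enumeration, and a Python-urllib user-agent) are all visible in API activity logs, and the point of this recommendation is that integration identities must not be exempted from the thresholds that catch them. The Python script below is an added example written for this article, not code from ReliaQuest, Huntress, Klue or Salesforce. It parses a constructed API activity log and reports, per identity, each of those four indicators. The log line format, the user IDs and the thresholds are assumptions; the real Salesforce Event Monitoring schema and any production tuning values are not reproduced here.

```python
from collections import defaultdict
from datetime import datetime, timedelta

BURST_THRESHOLD = 500                 # requests in any 15-minute window (assumed value)
BURST_WINDOW = timedelta(minutes=15)
SUSTAINED_SPAN = timedelta(hours=24)  # activity spanning longer than this is "sustained"
ENUM_THRESHOLD = 25                   # distinct objects touched by one identity (assumed value)
SCRIPTED_UA_PREFIXES = ("Python-urllib",)


def parse_log(lines):
    """Parse constructed lines of 'timestamp,user_id,entity,user_agent' (not the real schema)."""
    records = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, user_id, entity, user_agent = line.split(",", 3)
        records.append({"ts": datetime.fromisoformat(ts), "user_id": user_id,
                        "entity": entity, "user_agent": user_agent})
    return records


def max_in_window(times, window):
    """Largest number of events falling inside any sliding window of the given length."""
    times = sorted(times)
    best, left = 0, 0
    for right, t in enumerate(times):
        while t - times[left] > window:
            left += 1
        best = max(best, right - left + 1)
    return best


def analyse(records):
    """Return {user_id: [reasons]} for every identity that trips at least one indicator."""
    by_user = defaultdict(list)
    for r in records:
        by_user[r["user_id"]].append(r)
    findings = {}
    for user_id, recs in by_user.items():
        times = [r["ts"] for r in recs]
        reasons = []
        burst = max_in_window(times, BURST_WINDOW)
        if burst >= BURST_THRESHOLD:
            reasons.append(f"burst:{burst} requests in 15 min")
        span = max(times) - min(times)
        if span > SUSTAINED_SPAN:
            reasons.append(f"sustained:{span}")
        entities = {r["entity"] for r in recs}
        if len(entities) >= ENUM_THRESHOLD:
            reasons.append(f"enumeration:{len(entities)} distinct objects")
        if any(r["user_agent"].startswith(SCRIPTED_UA_PREFIXES) for r in recs):
            reasons.append("scripted client user-agent")
        if reasons:
            findings[user_id] = reasons
    return findings


def build_sample_log():
    """Constructed log: one integration identity behaving like the reported activity, one not."""
    lines = ["# timestamp,user_id,entity,user_agent  (constructed, not a real Salesforce log)"]
    start = datetime(2026, 6, 10, 3, 0, 0)
    # 600 queries over 30 objects in 10 minutes, then one more a day later
    for i in range(600):
        ts = start + timedelta(seconds=i)
        lines.append(f"{ts.isoformat()},005INTEGRATION,CustomObject{i % 30}__c,Python-urllib/3.11")
    lines.append(f"{(start + timedelta(hours=25)).isoformat()},005INTEGRATION,Opportunity,Python-urllib/3.11")
    # a quiet integration: three requests against one object during a working day
    for hour in (9, 12, 16):
        lines.append(f"{datetime(2026, 6, 10, hour).isoformat()},005NORMALAPP,Contact,Mozilla/5.0")
    return lines


if __name__ == "__main__":
    for user_id, reasons in analyse(parse_log(build_sample_log())).items():
        print(user_id, "->", "; ".join(reasons))
```

Each indicator is weak on its own (a legitimate nightly sync can also be sustained), which is why the script reports every reason per identity rather than a single verdict: a burst plus enumeration plus a scripted client on a vendor token is the combination worth paging on.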
Monitor Icarus communications and its leak site. If your organisation uses Klue or has shared integration infrastructure with Klue-adjacent vendors, treat your Salesforce data as potentially compromised pending confirmation from Klue. Contact Klue’s incident response team directly for scope confirmation.