Icarus Threat Group Exploits Klue OAuth Breach to Access Salesforce Data

A security breach involving Klue has enabled the Icarus threat group to steal sensitive customer data from multiple Salesforce environments through compromised OAuth credentials tied to Klue’s Battlecards integration. According to reports and investigations by ReliaQuest and Huntress, the attackers used automated scripts to query Salesforce APIs and exfiltrate CRM data, including customer contacts, sales communications, and account information. In response, Salesforce disabled the affected integration while the incident is being investigated. The campaign, attributed to the Icarus extortion group, underscores the security risks associated with third-party OAuth integrations and the importance of protecting access tokens and connected applications.

Reference: scworld.com