Unnamed hackers steal stolen data from Icarus hackers responsible for Klue supply chain hack — and yes, it’s as confusing as it sounds

Klue recently suffered a cyber attack at the hands of Icarus

Icarus was apparently deleting the stolen customer data

An unnamed group claims to have stolen the data from Icarus, and is now extorting Klue customers directly

Earlier this month, market research provider Klue suffered a cyberattack with the knock-on effects hitting major companies such as LastPass, Gong, Jamf, HackerOne, Huntress and others.

Klue has since revealed it is in contact with the Icarus ransomware group, who claim to have been in possession of stolen data and were threatening to leak the data in an attempt to extort the company.

But a second, unnamed group has emerged, which claims to have broken into a member of the Icarus group’s environment to steal the customer data stolen by Icarus from Klue. This second group is now apparently attempting to extort Klue customers directly, much to the annoyance of Icarus.

Hackers hacked by hackers

An update shared privately with Klue customers on Wednesday night and seen by TechCrunch said, “We continue to communicate with the threat actor we have been in contact with (‘Icarus’). Icarus told us they are taking steps to delete the data taken from Klue customers. The Icarus site remains down and we have indications that Icarus is indeed taking steps to delete data taken from Klue customers.”

Icarus later informed Klue that the second group was attempting to extort Klue customers using the same data, having posted a list of affected companies on its own website. Alongside this list, the second group also claimed to have stolen the customer data from Icarus, after a member of the Icarus group accidentally allowed it to connect to the server hosting the stolen data.

Although there is no evidence that Klue has paid the Icarus group, the unnamed group also posted a statement that an “Icarus operator who is a teenager living somewhere in the UK or adjacent countries” had been paid by Klue to delete the stolen data.

A further communique issued by Klue to its customers said that it had been reassured by Icarus that the unnamed group only had samples of the stolen data, not the full set. It also said that, “Icarus has asked us to inform Klue customers to not make payment to this other party.”

Klue also suggested that its customers should ask the second group for random samples of their data to prove whether or not they actually had obtained the full set of stolen customer data.
