APT / THREAT GROUP
Icarus
Aliases: 2
Last seen: Mar 17, 2026
Intelligence Profile
Icarus is a modular stealer written in .NET. One of its modules is the open-source r77 rootkit.
Threat Analysis
Icarus is a threat actor of undetermined national origin. Its primary motivation and activity patterns are unknown.
Intelligence Reports Mentioning Icarus
Scope of Salesforce Attacks Expands as Icarus Leaks Data
Dark Reading · Jun 23, 2026
Klue OAuth breach victim list grows as Icarus hackers claim attack
BleepingComputer · Jun 19, 2026
Klue OAuth breach linked to 'Icarus' Salesforce data theft attacks
BleepingComputer · Jun 18, 2026
Quick Facts
Type: APT / Threat Group
Aliases: 2
Also Known As
win.icarus
Icarus
External Intelligence
Malpedia: win.icarus
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.