Ransomware Group intelligence

Icarus

Active

Track Icarus with 2 published victims and 1 known leak locations in a single intelligence view.

Victims 2 Known published victims in this dataset

First discovered 2026-05-05 Earliest victim discovery date

Last discovered 2026-06-16 Latest victim discovery date

Inactive since 0 days Days since the latest known victim

Top country Indonesia 1 victims

Known locations 1 Leak or negotiation infrastructure tracked

Icarus is tracked by Breach House as a ransomware group with 2 published victims.

Indonesia is currently the most targeted country in this dataset.

1 known leak locations are currently associated with this group.

Top Countries

Distribution

Label	Type	Availability	Links
Leak location 1	Onion service	Unknown	`e6ujsppajgb756x7x5ykdryvlcjynltb52eiwi6pd4bfwo6hddd6neid.onion`

No sector intelligence available.

Ransom Notes (0)

▼

No ransom notes available for this group.

Tools Used

▼

No tools used available.

YARA Rules (0)

▼

No YARA rules available.

Indicators of Compromise (0)

▼

No IoCs available for this group.

Negotiation Chats (0)

▼

No negotiation chats available.

No external research sources linked yet.

Victims (2)

Search, filter and paginate the victim timeline for Icarus.

Type	Target	Discovered	Country	Business Category	Intel Link
Ransomware	thecreditpros.com id29931 View details	2026-06-16	United States	Finance / Legal / Insurance	—
TheCreditPros' Salesforce instance was breached and 263MB of data were taken from it, including: 01_input_fullcards.csv - 51,691 lines of full-info credit/debit cards: Id,First_Name__c,Last_Name__c,Middle_Name__c,Email__c,Credit_Card__c,CCV__c,Exp_Month__c,Exp_Year__c,SSN__c,DOB__c,Street_Address__c,City__c,State__c,Zip_Code__c,Mobile_Number__c,IP_Address__c,Transaction_ID__c,Status__c,CreatedDate 02_contacts_ssn.csv - 847,990 lines: Id,Name,FirstName,LastName,Email,Phone,MobilePhone,HomePhone,SSN_hidden_field__c,Birthdate,MailingStreet,MailingCity,MailingState,MailingPostalCode,Status__c,Bank_Account_Number__c,Bank_Name__c,Bank_Account_Type__c,CreatedDate 03_creditcards.csv - 722,403 lines: Id,Card_number__c,card_number_hidden__c,cvv__c,expiration_month__c,expiration_year__c,Active__c,BIN__c,Issuing_Bank__c,Prepaid__c,CreatedDate 04_leads.csv - 3,598 liens: Id,Name,FirstName,LastName,Email,Phone,MobilePhone,Street,City,State,PostalCode,Status,CreatedDate Pay or leak! Data stolen: PII, Credit cards ID 29931
Ransomware	Cazh.id id28847 View details	2026-05-05	Indonesia	IT	—
- User DB: 300,000 Users (Email, Hash, Phone, Address, DOB) for https://bkdp.cazh.id/. - KYC Vault: 7,800 Government IDs + 4,200 Selfies (including "Hold-to-Face" ID selfies). - 34 SQL Databases for associated schools (Students/Parents/Staff). - Corporate/Financial: Full Investor Database + partner documents - Collateral documents (Vehicle Registration Documents & Property Deeds) - Billing Proofs - Full src code of their services Data stolen: PII, SOURCE CODE, KYC ID 28847

Icarus

Overview

Top Countries

Known Leak Locations (1)

Top Activity Sectors