A threat actor claims to have breached Ícaro Cloud S.L., an Alicante-based managed service provider in Spain, allegedly exposing sensitive configuration data across 20 client networks. The actor alleges the exposed material includes firewall backups, VPN-related secrets, TLS certificates, administrator hashes, plaintext passwords, VLAN maps, and historical network data.

• Firewall configuration backups allegedly linked to Ícaro Cloud-managed client networks
• VPN-related key material and TLS certificate data
• Administrator hashes and plaintext password references
• VLAN maps and internal network segmentation details
• Historical configuration archives spanning multiple client environments
• Client network records allegedly affecting organizations across accounting, education, IT services, chemicals, hospitality, real estate, transport, healthcare, and manufacturing sectors

The actor claims the exposed material was obtained from reused MSP credentials and is being offered for sale through underground channels.