Ícaro Cloud Allegedly Breached: Firewall Configs, VPN Keys, TLS Certificates, and Internal Network Data Exposed Across 20 Spanish Corporate Networks
Ícaro Cloud MSP breached; firewall configs, VPN keys, TLS certs exposed across 20 Spanish networks.
Summary
A threat actor claims to have breached Ícaro Cloud S.L., a Spanish managed service provider, exposing sensitive data from 20 client networks including firewall backups, VPN keys, TLS certificates, administrator credentials, and internal network topology. The exposed material spans multiple industry sectors (accounting, education, IT, chemicals, hospitality, real estate, transport, healthcare, manufacturing) and allegedly comprises 3,500+ OPNsense configuration backups. The actor claims the breach resulted from reused MSP credentials and is offering the data for sale on underground channels.
Full text
A threat actor claims to have breached Ícaro Cloud S.L., an Alicante-based managed service provider in Spain, allegedly exposing sensitive configuration data across 20 client networks. The actor alleges the exposed material includes firewall backups, VPN-related secrets, TLS certificates, administrator hashes, plaintext passwords, VLAN maps, and historical network data.

Post details
- Actor: macaroni
- Sector: Managed Service Provider / Corporate IT / Network Security
- Type: Data Breach
- Records: 20 corporate networks and 3,500+ OPNsense configuration backups
- Country: Spain
- Date: 15/05/2026

Compromised data
- Firewall configuration backups allegedly linked to Ícaro Cloud-managed client networks
- VPN-related key material and TLS certificate data
- Administrator hashes and plaintext password references
- VLAN maps and internal network segmentation details
- Historical configuration archives spanning multiple client environments
- Client network records allegedly affecting organizations across accounting, education, IT services, chemicals, hospitality, real estate, transport, healthcare, and manufacturing sectors

The actor claims the exposed material was obtained from reused MSP credentials and is being offered for sale through underground channels.
Indicators of Compromise
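- affected product — OPNsense (the firewall platform whose configuration backups were allegedly exposed; it is not malware)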