18-10-25, 02:34 PM
izoologic.com/region/uk/coinbase-cartel-a-newly-emerged-ransomware-group-redefinisng-data-extortion/
www.ransomware.live/group/coinbasecartel
dailysecurityreview.com/cyber-security/coinbasecartel-threatens-to-publish-sk-telecom-source-code-unless-ransom-talks-start/
Threat Actor Profile
Group Name: Coinbase Cartel
Motivation: Financial – pure extortion through stolen data
Target Sectors: Logistics, Law Firms, Technology, Business Services, Media & Information, Banking, Telecommunications
Geographic Focus: South Korea, Canada, Israel, United States, Japan, Europe
Victim Profile:
Coinbase Cartel has targeted organizations across logistics, banking, telecommunications, technology, law firms, and business services, with confirmed victims spanning South Korea, Canada, Israel, the United States, Japan, and Europe. Notable names include Desjardins Group, AdScale, CEVA Logistics, Wakefield & Associates, and NTT Data.
Attack Vectors
- Exposed or hardcoded credentials in source code
- Leaked repository access keys (e.g., AWS, Bitbucket, GitHub)
- Insider-assisted access verification
- Poor segmentation exposing internal tools and repositories
- Credential access via valid accounts, cloud credentials, and repositories
- Data collection and staging from internal systems
- Staged leaks to apply pressure during extortion
- Professional negotiations with proof-of-data packages
- Partnership outreach offering fixed-rate or revenue-sharing deals
Victims face sensitive data exposure, reputational damage, and amplified media involvement. The absence of encryption allows operations to continue, but reputational and legal risks escalate as staged leaks progress.
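As a defensive illustration of the first two attack vectors listed above (hardcoded credentials and leaked repository access keys), the following added example, which is not part of the original profile, scans source text for AWS access key IDs, GitHub tokens and quoted secret assignments. The function names, the entropy threshold and the sample input are assumptions constructed for illustration; Bitbucket credentials are not covered.

```python
import math
import re

# Patterns for credential types named in the attack-vector list. The AWS and
# GitHub prefixes follow the vendors' documented formats; the generic rule is
# a heuristic (assumption) for quoted secrets assigned to suspicious names.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    "hardcoded_secret": re.compile(
        r"(?i)(?:password|passwd|secret|token|api_?key)\w*\s*[:=]\s*[\"']([^\"']{8,})[\"']"
    ),
}

def entropy(s):
    """Shannon entropy of s in bits per character."""
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))

def scan(text, min_entropy=3.0):
    """Return (line_no, kind, redacted_value) for each suspected credential."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for kind, rx in PATTERNS.items():
            for m in rx.finditer(line):
                value = m.group(m.lastindex or 0)
                if kind == "hardcoded_secret" and entropy(value) < min_entropy:
                    continue  # skip low-entropy placeholders such as "xxxxxxxx"
                # Redact so the report itself does not leak the secret.
                findings.append((no, kind, value[:4] + "*" * (len(value) - 4)))
    return findings

# Constructed sample input (no real credentials).
SAMPLE = "\n".join([
    'aws_key = "AKIAIOSFODNN7EXAMPLE"',
    'db_password = "xxxxxxxxxxxx"',
    'db_password = "r7#Lq9!vZp2w"',
    "GH = '" + "ghp_" + "A1b2C3d4E5f6" * 3 + "'",
    'region = "eu-west-1"',
])

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Run as a pre-commit or CI step, a check like this flags the credential before it reaches a shared repository; any key that has already been committed should be rotated, since it remains in the repository history.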
