Inside the Coinbase Cartel: How Infostealer Credentials Fueled a 100+ Company Ransomware Spree
ID: 510843a5-57e7-5b01-9f62-ca0b90e7ed77
STIX ID: report--510843a5-57e7-5b01-9f62-ca0b90e7ed77
Feed Name: infostealers.com
Hudson Rock's report profiles Coinbase Cartel, an extortion-only ransomware group active since 2025. The group leverages years-old Infostealer-derived credentials to quietly access cloud, FTP and file-sharing infrastructure, exfiltrate corporate data, and publish leaks across 100+ high-value victims (healthcare, tech, transportation, etc.). The report includes correlation analysis with Hudson Rock's Cavalier database, five detailed case studies (Aptim, Canada Goose, Efficy, The Epoch Times, RAKS), and a warning about the long-lived risk posed by compromised credentials.
