UAE realty firms named in alleged breaches by “Coinbase Cartel” group

Group did not provide technical indicators of compromise, sample data, or timelines tied to each organisation


A cyber extortion outfit calling itself the “Coinbase Cartel” claims to have breached systems at multiple organisations, with a primary focus on real estate firms in the United Arab Emirates.

According to Daily Dark Web, the group published a list of alleged victims on its leak site, but the claims have not been independently verified and the affected companies have not widely commented.

The entities named:

  • Sotheby’s International Realty (UAE)
  • One Broker Group (UAE)
  • Coldwell Banker UAE
  • Hunt & Harris Real Estate (UAE)
  • Betterhomes (UAE)
  • Savills Middle East / Cluttons (UAE)
  • Harbor Real Estate (UAE)
  • Elysian Real Estate (UAE)
  • Homes 4 Life (UAE)
  • Arabian Escapes (UAE)
  • Acu Trans Solutions (US), a medical transcription and business services company based in Irvine, California

The group did not immediately provide technical indicators of compromise, sample data, or timelines tied to each organisation. It is common for extortion groups to list targets to pressure negotiations even before data exfiltration is confirmed.

What’s at risk

  • Real estate firms typically hold sensitive client PII, property transaction records, escrow details, passport and visa copies, tenancy contracts, and financial documentation—all attractive to threat actors for identity theft and fraud.
  • Cross-border exposure is possible for multinational brokerages operating shared platforms across regions.

Recommended actions for named firms

  • Incident response: Activate IR plans, isolate affected systems, and engage external forensics. Preserve logs for at least 90 days; collect EDR telemetry and VPN/firewall logs.
  • Verification: Seek indicators published by the group; monitor dark web/leak sites for samples; coordinate with national CSIRTs and Dubai/UAE cyber authorities.
  • Containment: Reset privileged credentials, rotate API keys, and enforce phishing-resistant MFA (FIDO2/WebAuthn). Review third-party access and disable unused integrations.
  • Data protection: Assess exposure of customer PII and payment/escrow data; prepare notification drafts aligned with UAE data regulations and contractual obligations.
  • Hardening: Patch internet-facing services (VPNs, email gateways, CMS/CRM), audit cloud IAM, enable geo-fencing and conditional access, and deploy immutable backups with tested restores.
  • Communication: Establish a holding statement; brief staff on phishing lures referencing the incident; coordinate with legal and insurers.
