apt73

Ransomware group profile

51Victims

Czech RepublicSource country

65Impact score

Also Known As

Bashe

APT73

Apt 73

Description

Eraleign is a high-profile ransomware group that specializes in advanced cyberattacks targeting large organizations for maximum financial gain. Known for their sophisticated encryption methods and double extortion tactics, they employ custom-built malware to infiltrate networks and have shifted their focus towards critical infrastructure and supply chain attacks.

Key insights

•Utilizes rapid encryption methods and multi-stage infection chains.
•Targets multiple sectors, especially critical infrastructure and healthcare.
•Employs double extortion tactics by threatening to leak stolen data.
•Gains initial access via phishing campaigns and known vulnerabilities.
•Demonstrates a trend towards leveraging REvil's toolkit and tactics.

Industries

Education Energy & Utilities Financial Services Government & Defense Healthcare Manufacturing Other Professional Services Retail & E-Commerce Technology Transportation

Threat Level & Status Breakdown

For apt73 · Based on incidents in selected period

3.3threat level

Aggressiveness8/ 10

Lethality0/ 10

Criticality1.8/ 10

Status Breakdown

Claimed100.0%51

First seenApr 2026

Last seenJun 2026

Avg ransom—

Payment rate—

Statusactive

Sophistication0

Last updatedJun 2, 2026

Recent activity

Monthly attack count for apt73 in the selected period

51Total attacks

43peak in Apr

17avg / month

↓ 42 vs first month

No intelligence data for this group.

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for apt73

Other

T1486

T1490

T1562

T1040

T1071

T1078

T1059

T1021

T1021.001

T1547

Victims(141)

Company	Domain	Country	Industry	Status	Discovered
elections.mia.gov.am from WOLVES OF TURAN	—	AM Armenia	Government & Defense	Claimed	1 day ago
elections.mia.gov.am from WOLVES OF TURAN	—	AM Armenia	Government & Defense	Claimed	1 day ago
elections.mia.gov.am from WOLVES OF TURAN	—	AM Armenia	Government & Defense	Claimed	1 day ago
tkgm.gov.tr	—	TR Turkey	Government & Defense	Claimed	12 days ago
tkgm.gov.tr	—	TR Turkey	Government & Defense	Claimed	12 days ago
minsa.com.mx	—	MX Mexico	Manufacturing	Claimed	12 days ago
tkgm.gov.tr	tkgm.gov.tr	TR Turkey	Government & Defense	Claimed	12 days ago
minsa.com.mx	minsa.com.mx	MX Mexico	Manufacturing	Claimed	12 days ago
minsa.com.mx	minsa.com.mx	MX Mexico	Manufacturing	Claimed	12 days ago
tvnmedia.com	—	PA Panama	Technology	Claimed	12 days ago
tvnmedia.com	—	PA Panama	Technology	Claimed	12 days ago
tvnmedia.com	tvnmedia.com	PL Poland	Technology	Claimed	12 days ago
grupopetersen.com.ar	—	AR Argentina	Financial Services	Claimed	13 days ago
alkaloid.com.mk	—	MK North Macedonia	Healthcare	Claimed	13 days ago
alkaloid.com.mk	—	MK North Macedonia	Healthcare	Claimed	13 days ago
narit.or.th	—	TH Thailand	Government & Defense	Claimed	13 days ago
narit.or.th	—	TH Thailand	Government & Defense	Claimed	13 days ago
grupopetersen.com.ar	grupopetersen.com.ar	AR Argentina	Financial Services	Claimed	13 days ago
grupopetersen.com.ar	grupopetersen.com.ar	AR Argentina	Other	Claimed	13 days ago
narit.or.th	narit.or.th	TH Thailand	Government & Defense	Claimed	13 days ago

Page 1 of 8

Affected countries(46)

Countries where this group has been reported to target or leak victims.