apt73
Ransomware group profile
55Victims
Czech RepublicSource country
65Impact score
Also Known As
Bashe
APT73
Apt 73
Description
Eraleign is a high-profile ransomware group that specializes in advanced cyberattacks targeting large organizations for maximum financial gain. Known for their sophisticated encryption methods and double extortion tactics, they employ custom-built malware to infiltrate networks and have shifted their focus towards critical infrastructure and supply chain attacks.
Key insights
- •Utilizes rapid encryption methods and multi-stage infection chains.
- •Targets multiple sectors, especially critical infrastructure and healthcare.
- •Employs double extortion tactics by threatening to leak stolen data.
- •Gains initial access via phishing campaigns and known vulnerabilities.
- •Demonstrates a trend towards leveraging REvil's toolkit and tactics.
Threat Level & Status Breakdown
For apt73 · Based on incidents in selected period
4threat level
Aggressiveness10/ 10
Lethality0/ 10
Criticality1.7/ 10
Status Breakdown
Claimed100.0%55
First seenApr 2026
Last seenJun 2026
Avg ransom—
Payment rate—
Statusactive
Sophistication0
Last updatedJun 23, 2026
Recent activity
Monthly attack count for apt73 in the selected period
55Total attacks
43peak in Apr
18.3avg / month
↓ 38 vs first month
Intelligence
IOCs, YARA/Sigma rules, and related families for apt73
- ns2.eraleignews.com
- basherq53eniermxovo3bkduw5qqq5bkqcml3qictfmamgvmzovykyqd.onion
- ns3.eraleignews.com
- basheqtvzqwz4vp6ks5lm2ocq7i6tozqgf6vjcasj4ezmsy4bkpshhyd.onion
- fleqwmg7xnanypt5km2m75l72q7nlcvlp2m4sdmgjxorsn6tb3zyp3qd.onion
- qcgv5tfer4f46ns6ohh72zeyyh5uavoiybypzpt3lmwk5ecyqykptgqd.onion
- eraleignews.com
- bashe4aec32kr6zbifwd5x6xgjsmhg4tbowrbx4pneqhc5mqooyifpid.onion
- wn6vonooq6fggjdgyocp7bioykmfjket7sbp47cwhgubvowwd7ws5pyd.onion
- ns4.eraleignews.com
- ns1.eraleignews.com
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for apt73
Other
T1486
T1486
T1490
T1490
T1562
T1562
T1040
T1040
T1071
T1071
T1078
T1078
T1059
T1059
T1021
T1021
T1021.001
T1021.001
T1547
T1547
Victims(150)
| Company | Domain | Country | Industry | Status | Discovered | |
|---|---|---|---|---|---|---|
| gov.br | — | — | Government & Defense | Claimed | about 13 hours ago | |
| kliknklik.com | — | — | Retail & E-Commerce | Claimed | about 13 hours ago | |
| kliknklik.com | kliknklik.com | ID Indonesia | Retail & E-Commerce | Claimed | about 16 hours ago | |
| gov.br | gov.br | BR Brazil | Government & Defense | Claimed | about 16 hours ago | |
| viennaairport.com | — | — | Transportation | Claimed | about 16 hours ago | |
| viennaairport.com | viennaairport.com | AT Austria | Transportation | Claimed | about 18 hours ago | |
| smarty.arpinet.am | — | — | Technology | Claimed | 21 days ago | |
| smarty.arpinet.am | smarty.arpinet.am | AM Armenia | Technology | Claimed | 21 days ago | |
| smarty.arpinet.am | smarty.arpinet.am | AM Armenia | Technology | Claimed | 21 days ago | |
| elections.mia.gov.am from WOLVES OF TURAN | — | AM Armenia | Government & Defense | Claimed | 22 days ago | |
| elections.mia.gov.am from WOLVES OF TURAN | elections.mia.gov.am | AM Armenia | Government & Defense | Claimed | 22 days ago | |
| elections.mia.gov.am from WOLVES OF TURAN | — | AM Armenia | Government & Defense | Claimed | 22 days ago | |
| tkgm.gov.tr | — | TR Turkey | Government & Defense | Claimed | about 1 month ago | |
| tkgm.gov.tr | tkgm.gov.tr | TR Turkey | Government & Defense | Claimed | about 1 month ago | |
| minsa.com.mx | — | MX Mexico | Manufacturing | Claimed | about 1 month ago | |
| tkgm.gov.tr | tkgm.gov.tr | TR Turkey | Government & Defense | Claimed | about 1 month ago | |
| minsa.com.mx | minsa.com.mx | MX Mexico | Manufacturing | Claimed | about 1 month ago | |
| minsa.com.mx | minsa.com.mx | MX Mexico | Manufacturing | Claimed | about 1 month ago | |
| tvnmedia.com | — | PA Panama | Technology | Claimed | about 1 month ago | |
| tvnmedia.com | tvnmedia.com | PA Panama | Technology | Claimed | about 1 month ago |
Page 1 of 8
Affected countries(52)
Countries where this group has been reported to target or leak victims.
🇦🇪United Arab Emirates🇦🇲Armenia🇦🇷Argentina🇦🇺Australia🇧🇩Bangladesh🇧🇪Belgium🇧🇬Bulgaria🇧🇷Brazil🇨🇦Canada🇨🇭Switzerland🇨🇱Chile🇨🇴Colombia🇩🇪Germany🇩🇴Dominican Republic🇪🇬Egypt🇪🇸Spain🇫🇷France🇬🇧United Kingdom🇬🇭Ghana🇭🇰Hong Kong🇭🇷Croatia🇮🇩Indonesia🇮🇳India🇰🇪Kenya🇱🇷Liberia🇲🇦MoroccoMoldova, Republic ofMacedonia, the Former Yugoslav Republic of🇲🇷Mauritania🇲🇹Malta🇲🇽Mexico🇲🇾Malaysia🇵🇦Panama🇵🇪Peru🇵🇭Philippines🇵🇱PolandPalestine, State of🇵🇹Portugal🇵🇾Paraguay🇷🇴Romania🇷🇸Serbia🇸🇦Saudi Arabia🇸🇨Seychelles🇸🇬Singapore🇸🇰Slovakia🇹🇭Thailand🇹🇷Turkey🇺🇸United States🇺🇾Uruguay🇻🇳Vietnam🇾🇪Yemen🇿🇦South Africa