bashe

Ransomware group profile

5Victims

Czech RepublicSource country

65Impact score

Also Known As

Bashe

APT73

Apt 73

Description

Eraleign is a high-profile ransomware group that specializes in advanced cyberattacks targeting large organizations for maximum financial gain. Known for their sophisticated encryption methods and double extortion tactics, they employ custom-built malware to infiltrate networks and have shifted their focus towards critical infrastructure and supply chain attacks.

Key insights

•Utilizes rapid encryption methods and multi-stage infection chains.
•Targets multiple sectors, especially critical infrastructure and healthcare.
•Employs double extortion tactics by threatening to leak stolen data.
•Gains initial access via phishing campaigns and known vulnerabilities.
•Demonstrates a trend towards leveraging REvil's toolkit and tactics.

Industries

Education Energy & Utilities Financial Services Government & Defense Healthcare Manufacturing Other Technology Transportation

Threat Level & Status Breakdown

For bashe · Based on incidents in selected period

2.8threat level

Aggressiveness6/ 10

Lethality0/ 10

Criticality2.3/ 10

Status Breakdown

Claimed100.0%5

First seenJan 2026

Last seenFeb 2026

Avg ransom—

Payment rate—

Statusactive

Sophistication0

Last updatedJun 2, 2026

Recent activity

Monthly attack count for bashe in the selected period

5Total attacks

3peak in Feb

2.5avg / month

↑ 1 vs first month

No intelligence data for this group.

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for bashe

Other

T1486

T1490

T1562

T1040

T1071

T1078

T1059

T1021

T1021.001

T1547

Victims(50)

Company	Domain	Country	Industry	Status	Discovered
elections.mia.gov.am from WOLVES OF TURAN	—	AM Armenia	Government & Defense	Claimed	1 day ago
tkgm.gov.tr	—	TR Turkey	Government & Defense	Claimed	12 days ago
minsa.com.mx	minsa.com.mx	MX Mexico	Manufacturing	Claimed	12 days ago
tvnmedia.com	—	PA Panama	Technology	Claimed	12 days ago
alkaloid.com.mk	—	MK North Macedonia	Healthcare	Claimed	13 days ago
narit.or.th	—	TH Thailand	Government & Defense	Claimed	13 days ago
grupopetersen.com.ar	grupopetersen.com.ar	AR Argentina	Financial Services	Claimed	13 days ago
ungererandcompany.com	—	US United States	Manufacturing	Claimed	13 days ago
medikaplaza.com	—	ID Indonesia	Manufacturing	Claimed	about 1 month ago
jgpetrucci.com	—	US United States	Professional Services	Claimed	about 1 month ago
providentgh.com	providentgh.com	GH Ghana	Financial Services	Claimed	about 1 month ago
grupo-principal.com	—	MX Mexico	Retail & E-Commerce	Claimed	about 1 month ago
cofaco.com	—	PE Peru	Retail & E-Commerce	Claimed	about 1 month ago
dunav.com	—	RS Serbia	Financial Services	Claimed	about 1 month ago
algosaibi-gtb.com	—	SA Saudi Arabia	Healthcare	Claimed	about 1 month ago
alx-pc.com	—	EG Egypt	Energy & Utilities	Claimed	about 1 month ago
arrawdah.org.sa	—	SA Saudi Arabia	Healthcare	Claimed	about 1 month ago
ifmis.go.ke	—	KE Kenya	Government & Defense	Claimed	about 2 months ago
whessoe.com.my	—	MY Malaysia	Manufacturing	Claimed	about 2 months ago
olpro.com.my	—	MY Malaysia	Retail & E-Commerce	Claimed	about 2 months ago

Page 1 of 3

Affected countries(46)

Countries where this group has been reported to target or leak victims.