| Category | Details |
|---|---|
| Threat Actors | • Bashe (previously APT73 or Eraleig), a ransomware group that emerged in 2024. |
| Campaign Overview | • Bashe uses double extortion tactics, encrypting files and threatening data exposure on a TOR-based DLS (data leak site). • The group targets critical industries in developed nations. |
| Target Regions (Victims) | • United States, United Kingdom, France, Germany, India, and Australia. |
| Methodology | • Phishing (especially spear-phishing) and exploitation of vulnerabilities in public-facing applications. • Data exfiltration and encryption, with threats of data exposure on the DLS. |
| Product Targeted | • Critical industries including technology, healthcare, financial services, business services, manufacturing, logistics, transportation, and construction. |
| Malware Reference | • Bashe ransomware (formerly APT73 or Eraleig). |
| Tools Used | • Phishing and spear-phishing emails; TOR network for data leak site hosting. |
| Vulnerabilities Exploited | • Vulnerabilities in public-facing applications. |
| TTPs | • Tactics, techniques, and procedures (MITRE ATT&CK): • Initial Access: Phishing, Exploit Public-Facing Applications. • Execution: PowerShell. • Persistence: Scheduled Tasks, Registry Run Keys. |
| Attribution | • Bashe (formerly APT73 or Eraleig) group, likely influenced by LockBit. |
| Recommendations | • Patch management, network segmentation, MFA, strong password policies, and user training. • Endpoint Detection and Response (EDR), application whitelisting, and behavioral analytics. • Regular dark web monitoring. |
| Source | SOCRadar |
Read full article: https://socradar.io/dark-web-profile-bashe-apt73/
The above summary has been generated by an AI language model