
Dark Web Profile: Bashe (APT73)

Threat Actors
  • Bashe (previously APT73 or Eraleig) – a ransomware group emerging in 2024.

Campaign Overview
  • Bashe uses double extortion tactics, encrypting files and threatening data exposure on a TOR-based DLS (data leak site).
  • The group targets critical industries in developed nations.

Target Regions (Victims)
  • United States, United Kingdom, France, Germany, India, and Australia.

Methodology
  • Phishing (especially spear-phishing) and exploiting vulnerabilities in public-facing applications.
  • Data exfiltration and encryption, with threats of data exposure on the DLS.

Industries Targeted
  • Critical industries including technology, healthcare, financial services, business services, manufacturing, logistics, transportation, and construction.

Malware Reference
  • Bashe ransomware (formerly APT73 or Eraleig).

Tools Used
  • Phishing, spear-phishing emails, TOR network for data leak site hosting.

Vulnerabilities Exploited
  • Vulnerabilities in public-facing applications.

TTPs (tactics, techniques, and procedures, MITRE ATT&CK)
  • Initial Access: Phishing, Exploit Public-Facing Applications.
  • Execution: PowerShell.
  • Persistence: Scheduled Tasks, Registry Run Keys.

Attribution
  • Bashe (formerly APT73 or Eraleig) group, likely influenced by LockBit.

Recommendations
  • Patch management, network segmentation, MFA, strong password policies, and user training.
  • Endpoint Detection and Response (EDR), application whitelisting, and behavioral analytics.
  • Regular dark web monitoring.

Source: SOCRadar
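The TTP rows above (PowerShell execution, Scheduled Task and Registry Run Key persistence, phishing as initial access) map directly onto host telemetry a defender already collects. The following is an added example, not code from the SOCRadar article or from any vendor tool: a small Python classifier that tags Sysmon-style process-creation (event 1) and registry-value (event 13) records with the corresponding ATT&CK technique. The event records, field names, paths and the SID are all constructed for illustration and are not indicators from the page.

```python
import re

# Constructed sample events in a simplified Sysmon-like shape (hypothetical data,
# not real telemetry). event_id 1 = process creation, event_id 13 = registry value set.
SAMPLE_EVENTS = [
    {"event_id": 1,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"},
    {"event_id": 13,
     "image": r"C:\Windows\System32\reg.exe",
     "target_object": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": r"C:\Users\Public\svc.exe"},
    {"event_id": 1,
     "image": r"C:\Windows\System32\schtasks.exe",
     "command_line": 'schtasks.exe /Create /SC ONLOGON /TN "WinUpdate" /TR C:\\Users\\Public\\svc.exe /RL HIGHEST',
     "parent_image": r"C:\Windows\System32\cmd.exe"},
    {"event_id": 1,
     "image": r"C:\Windows\System32\notepad.exe",
     "command_line": "notepad.exe report.txt",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"event_id": 13,
     "image": r"C:\Windows\regedit.exe",
     "target_object": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "details": "DWORD (0x00000001)"},
]

# Persistence via Run / RunOnce keys (ATT&CK T1547.001); matches any hive.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)
# Scheduled task creation from the command line (ATT&CK T1053.005).
SCHTASKS_CREATE_RE = re.compile(r"schtasks(\.exe)?\s+.*?/create", re.IGNORECASE)
# PowerShell launched with common evasion flags (ATT&CK T1059.001).
PS_SUSPICIOUS_RE = re.compile(
    r"(-enc(odedcommand)?\s|-w(indowstyle)?\s+hidden|-nop\b)", re.IGNORECASE)
# Office processes spawning children is a typical phishing follow-on (ATT&CK T1566).
OFFICE_PARENTS = ("outlook.exe", "winword.exe", "excel.exe", "powerpnt.exe")


def _basename(path: str) -> str:
    """Return the lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def classify(event: dict) -> list:
    """Return the list of ATT&CK tags that apply to one event (empty if benign)."""
    tags = []
    if event.get("event_id") == 13 and RUN_KEY_RE.search(event.get("target_object", "")):
        tags.append("T1547.001 Registry Run Key write")
    if event.get("event_id") == 1:
        cmd = event.get("command_line", "")
        if SCHTASKS_CREATE_RE.search(cmd):
            tags.append("T1053.005 Scheduled Task creation")
        if (_basename(event.get("image", "")) in ("powershell.exe", "pwsh.exe")
                and PS_SUSPICIOUS_RE.search(cmd)):
            tags.append("T1059.001 PowerShell with evasion flags")
        if _basename(event.get("parent_image", "")) in OFFICE_PARENTS:
            tags.append("T1566 Phishing: child of Office process")
    return tags


def detect(events) -> list:
    """Return (index, tags) for every event that triggered at least one rule."""
    hits = []
    for idx, event in enumerate(events):
        tags = classify(event)
        if tags:
            hits.append((idx, tags))
    return hits


if __name__ == "__main__":
    for idx, tags in detect(SAMPLE_EVENTS):
        print(f"event {idx}: {', '.join(tags)}")
```

The rules are deliberately narrow: a Run key write is only flagged on registry-set events, and the PowerShell rule only fires when the image is PowerShell itself, so a benign `schtasks.exe /Query` or an unrelated registry change under `CurrentVersion\Explorer` (the last sample event) produces no tag. In practice these would be fed from Sysmon or EDR telemetry and correlated, for example a Run key write whose value points into a user-writable directory shortly after an Office-spawned PowerShell.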

Read full article: https://socradar.io/dark-web-profile-bashe-apt73/

The above summary has been generated by an AI language model



Published on: December 25, 2024
