APT73, also known as Bashe, is a ransomware group that emerged in mid-April 2024 and styles itself as an Advanced Persistent Threat (APT), a label normally reserved for state-backed actors rather than financially motivated extortion crews. The group has been linked to the LockBit ransomware ecosystem: its operational tactics mirror LockBit's, and it runs a TOR-based data leak site of the same double-extortion pattern, naming victims and publishing stolen data when ransoms go unpaid.
APT73 has targeted several industries, including finance and technology. In June 2024 the group claimed responsibility for an attack on AlphaNovaCapital, a boutique investment firm based in Hong Kong, and subsequently leaked sensitive documents exfiltrated from the firm. As with most of its claims, the attribution rests on the group's own leak-site posting rather than on a public statement from the victim.
In September 2024, APT73 claimed a ransomware attack on ServicePower, a company specialising in field service management software. The group stated that it had exfiltrated roughly 0.328 GB (about 330 MB) of data, reportedly including user credentials and other sensitive information, and published the leaked data on its dark web leak site, ERALEIGNEWS. Even a small dump of this kind matters operationally: leaked credentials can be reused against the victim and its customers long after the initial incident.
APT73's tactics follow the standard double-extortion playbook: phishing for initial access, then exfiltration of data before encryption, so that the victim faces both an outage and the threat of publication. The TOR-based leak site is the pressure mechanism; stolen data is posted, or a countdown to posting is displayed, to push victims into paying. Because exfiltration precedes encryption, backups alone do not neutralise the threat. Organisations should maintain tested, offline or immutable backups so that encryption does not force a payment, patch internet-facing systems promptly, enforce phishing-resistant multi-factor authentication, monitor for unusual outbound data transfers, and train staff to recognise phishing, since that is the group's reported entry vector.