apt73
Known ransomware group · ACTIVE
Also known as: Bashe, Eraleign
Currently active
APT73 (also seen as Eraleig/Bashe) is an extortion group that surfaced in 2024 with a leak site modeled closely on LockBit, claiming victims primarily in business services and technology. Its naming style mimics nation-state APT branding despite being financially motivated.
Total Claims: 6
Critical: 1
Records Claimed: —
Industries Hit: 3
Active span: Apr 27, 2026 – Jun 2, 2026 · 6 organizations targeted
Actor Threat Profile
Activity Timeline
Peak: Apr 2026 (3)
Timeline range: Apr 2026 – Jun 2026
Top Targeted Industries
Public Sector 3
Healthcare 1
Education 1
Tradecraft & Infrastructure
Documented tools: 0
MITRE tactics / techniques: 0 / 0
Known leak sites: 10
Targeted Organizations
Claims by apt73
Severity · Claim · Actor · Type · Industry · Date
Low · Ransomware Claim: elections.mia.gov.am from WOLVES OF TURAN · apt73 · Ransomware · Public Sector · Jun 3, 2026
Low · Ransomware Claim: tkgm.gov.tr · apt73 · Ransomware · Public Sector · May 23, 2026
Critical · Ransomware Claim: alkaloid.com.mk · apt73 · Ransomware · Healthcare · May 22, 2026
Medium · Ransomware Claim: compensatii.gov.md · apt73 · Ransomware · Public Sector · Apr 28, 2026
Medium · Ransomware Claim: hl.co.uk · apt73 · Ransomware · — · Apr 28, 2026
Medium · Ransomware Claim: mahidol.ac.th · apt73 · Ransomware · Education · Apr 28, 2026