The APT73/BASHE ransomware group, active since April 2024, targets mid-sized organizations across various sectors, including Financial Services and IT. They employ deceptive tactics to inflate their reputation and attract affiliates, often claiming responsibility for attacks they did not commit. Their operations have been marked by a lack of authenticity and reliance on reposted or curated data. Affected: Malindo Air, Betclic, Federal Bank India, Line Bank, Bank Rakyat Indonesia
Keypoints :
- APT73/BASHE is a newly emerged ransomware group active since April 2024.
- The group targets mid-sized organizations with revenues between $10M and $500M.
- Industries affected include Financial Services, IT, Banking, and Manufacturing.
- They focus on exfiltrating sensitive data to enhance their claims of legitimacy.
- Bashe employs deceptive tactics, taking credit for attacks they did not commit.
- They have shown signs of inexperience but possess adaptive strategies for growth.
- Their false claims may lead to reputational damage for targeted organizations.
- Bashe’s operations may attract affiliates due to media hype around their claims.
- Robust threat intelligence systems are recommended to validate claims made by ransomware groups.
- Collaboration with cybersecurity platforms is essential to combat fraudulent claims.
MITRE Techniques :
- TA0040: Impact – Erosion of Credibility due to false claims may lead to reputational damage.
- TA0041: Resource Drain – Time and resources wasted on investigating fraudulent claims.
- TA0042: Increased Panic – Media hype creates unnecessary panic around baseless claims.
- TA0043: Opportunity for Threat Actors – False claims generate visibility, attracting affiliates.
Indicator of Compromise :
- [url] malindoair.com
- [url] betclic.com
- [url] federalbank.co.in
- [url] linebank.co.id
- [url] bri.co.id
- Check the article for all found IoCs.
Full Research: https://www.cloudsek.com/blog/unmasking-media-hungry-ransomware-groups-bashe-apt73