The Eraleign (APT73) ‘Bashe’ Variant: A Definitive Forensic Recovery Guide
In our recovery lab today at Lockbit Decryptor, we analyzed the Eraleign group, self-styled as APT73 and formerly known as Bashe. Our forensic intelligence concludes this is not a traditional ransomware operation but a data-brokering entity that fabricates breach narratives. They curate or reuse old, publicly available data from other threat actors (like BlackBasta) and…