BASHE emerged as a ransomware operation with a growing presence across leak sites and underground ecosystems. Further investigation revealed connections to Eraleign (APT73) through shared infrastructure, Telegram activity, and operational patterns. By analyzing dark web assets, communication channels, and affiliate structures, the investigation highlights how ransomware groups can evolve, rebrand, and maintain continuity while operating under a new identity within the cybercriminal landscape.
Read Full Report: From Eraleign (APT73) to BASHE: Uncovering the Evolution of a Ransomware Operation
