RAO d.o.o. Faces Ransomware Threat from APT73/BASHE Group

Incident Date: Nov 23, 2024

Attack Overview
Victim: RAO d.o.o.
Industry: Software
Location: Croatia
Attacker: APT73
First Reported: November 23, 2024

Ransomware Attack on RAO d.o.o. by APT73 / BASHE: A Cybersecurity Analysis

RAO d.o.o., a Croatian IT services company specializing in software solutions and consulting services, recently fell victim to a ransomware attack orchestrated by the threat actor group APT73 / BASHE. This attack has raised concerns about the company's cybersecurity posture and the evolving landscape of cyber threats.

Company Profile

RAO d.o.o. is a small enterprise based in Zagreb, Croatia, with a workforce of approximately 28 employees. The company has been operational for over two decades, focusing on software development and consulting services related to business informatization and digital transformation. RAO d.o.o. stands out in the IT industry for its tailored software solutions and personalized consulting services, catering to a wide range of clients across different sectors.

Attack Overview

APT73 / BASHE, a ransomware group known for its aggressive tactics, targeted RAO d.o.o. and claimed to have accessed 0.03 GB of the company's data. The attackers leaked sample screenshots as proof of the breach, indicating a successful infiltration of the company's systems. This breach has potentially exposed sensitive information and disrupted RAO d.o.o.'s operations, highlighting the critical need for enhanced cybersecurity measures.

Ransomware Group: APT73 / BASHE

APT73 / BASHE is a threat actor group that has gained notoriety for its ransomware attacks on organizations worldwide. The group distinguishes itself by employing sophisticated encryption methods and double-extortion strategies, threatening to leak stolen data if ransom demands are not met. APT73 / BASHE's operational model mirrors that of established ransomware groups, indicating a level of expertise in cybercrime tactics.

Vulnerabilities and Penetration

RAO d.o.o.'s vulnerabilities to ransomware attacks may stem from its focus on software development and consulting services, which involve handling sensitive client data. The company's size and industry prominence could make it an attractive target for threat actors seeking to exploit potential security gaps. APT73 / BASHE likely penetrated RAO d.o.o.'s systems through phishing emails, unpatched software vulnerabilities, or weak network defenses, highlighting the importance of proactive cybersecurity measures.
