[threat-actors] Add APT73

clusters/threat-actor.json

@@ -17359,6 +17359,27 @@
       },
       "uuid": "09aa3edb-e956-43f0-9fcb-a3154b47d202",
       "value": "WageMole"
+    },
+    {
+      "description": "APT73 is a ransomware group that has publicly identified 12 victims and launched its data leak site on April 25th. The DLS bears a striking resemblance to that of LockBit, likely to leverage LockBit's reputation and attract potential affiliates. The rationale for this design mimicry is unclear, but it may be intended to signal operational parity with LockBit to inspire trust among low-level criminals. APT73 was formed by an alleged former LockBit affiliate following law enforcement's \"Operation Cronos\" in February 2024.",
+      "meta": {
+        "refs": [
+          "https://quointelligence.eu/2024/06/analyzing-shift-in-ransomware-dynamics/",
+          "https://www.redpacketsecurity.com/apt73-ransomware-victim-www-baldinger-ag-ch/",
+          "https://www.redpacketsecurity.com/apt73-ransomware-victim-www-scopeset-de/",
+          "https://www.redpacketsecurity.com/apt73-ransomware-victim-hpecds-com/",
+          "https://www.redpacketsecurity.com/apt73-ransomware-victim-www-trinitesolutions-com/",
+          "https://www.redpacketsecurity.com/apt73-ransomware-victim-modplan-co-uk/",
+          "https://www.redpacketsecurity.com/apt73-ransomware-victim-mgfsourcing-com/",
+          "https://www.redpacketsecurity.com/apt73-ransomware-victim-www-legilog-fr/",
+          "https://www.redpacketsecurity.com/apt73-ransomware-victim-sokkakreatif-com/"
+        ],
+        "synonyms": [
+          "Eraleig"
+        ]
+      },
+      "uuid": "84bf7b38-e120-44c9-bfdd-82740593a6c6",
+      "value": "APT73"
     }
   ],
   "version": 320