compensatii.gov.md Ransomware Attack by apt73 (April 2026)
Unverified dark web claim. This report is based on a post observed on a dark web forum. Yazoul Security has not independently verified the authenticity of this claim.
Claim Summary
On April 27, 2026, the ransomware group apt73 allegedly claimed responsibility for an attack against compensatii.gov.md, the official online government platform of the Republic of Moldova. The group posted a leak site entry asserting they have compromised the domain and exfiltrated data, though the volume and specific nature of the stolen information remain undisclosed. This claim has not been independently verified by Yazoul Security. The attack date listed by the group is April 27, 2026.
Threat Actor Profile
apt73 is a ransomware group with a known track record of 78 alleged victims. However, there is no publicly available research detailing their specific tools, tactics, or procedures (TTPs). The group’s credibility is difficult to assess due to the lack of open-source intelligence on their operations. Without known tooling or a history of verified leaks, their claims should be treated with heightened skepticism. Ransomware groups with smaller victim counts or limited public documentation often exaggerate or fabricate attacks to build notoriety. No YARA rules or detection guidance currently exist for apt73, as their technical signatures remain unidentified.
Alleged Data Exposure
According to the leak site, apt73 claims to have accessed compensatii.gov.md, which serves as a centralized government portal for compensation-related services in Moldova. The group has not disclosed the volume of data allegedly stolen, nor have they provided samples or evidence to substantiate their claim. The nature of the exposed information could potentially include personal data of citizens applying for compensation, administrative records, or internal government communications, but this remains speculative. The lack of a data sample or specific file listing reduces the credibility of the claim.
Potential Impact
If verified, this incident could have significant consequences for the Republic of Moldova’s public sector. compensatii.gov.md likely processes sensitive citizen data, including identification numbers, financial details, and compensation eligibility records. A breach could lead to identity theft, fraud, or targeted phishing campaigns against Moldovan residents. Additionally, the compromise of a government platform may disrupt public services, erode trust in digital governance, and attract regulatory scrutiny under Moldova’s data protection laws. The reputational damage to the government’s cybersecurity posture could be substantial.
What to Watch For
- Official Confirmation: Monitor for statements from the Moldovan government or compensatii.gov.md administrators regarding the alleged breach.
- Data Leak Samples: Watch for any subsequent posts by apt73 that include proof of exfiltration, such as file lists or redacted data samples.
- Citizen Phishing: Be alert for phishing emails or scams targeting Moldovan citizens that reference compensatii.gov.md, as threat actors may weaponize stolen data.
- Group Activity: Track apt73’s future claims to assess their operational patterns and credibility.
Disclaimer
This report is based on an unverified claim posted by the ransomware group apt73 on their leak site. Yazoul Security has not independently confirmed the attack, the data exfiltration, or the group’s identity. Ransomware groups routinely fabricate or exaggerate claims to pressure victims or gain notoriety. No technical evidence, data samples, or internal communications have been reviewed. Readers should treat this information as preliminary intelligence and await official confirmation from the Republic of Moldova’s government before taking action.