Project Hyphae

Healthcare Sector Being Actively Targeted by Daixin Team Ransomware

Note: FRSecure is aware of a malware named Daxin. It appears that Daixin and Daxin are related, and the name differences are due to “Daxin” being used in some ransom notes.

In conjunction with the Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS), the Cybersecurity and Infrastructure Security Agency (CISA) today advised that the Daixin Team is actively targeting US businesses, particularly in the Healthcare and Public Health Sector (HPH).

The Daixin Team is a data extortion and ransomware group that has been targeting the HPH Sector since at least June 2022. Servers holding personally identifiable information (PII) and protected health information (PHI) are highly sought-after targets, and the group has threatened to release such information if ransoms are not paid. According to the advisory, Daixin Team threat actors typically gain initial access to victims’ networks through VPN servers and then move laterally with SSH and remote desktop. The ransomware is based on leaked Babuk Locker source code, and the group used Rclone for data exfiltration in at least one confirmed compromise.

CISA is urging organizations to prioritize patching VPN servers, remote access software, virtual machine software, and known exploited vulnerabilities.

To see the full advisory, along with known Indicators of Compromise (IOCs) at this time, visit: https://www.cisa.gov/uscert/ncas/alerts/aa22-294a


