US govt warns of Daixin Team targeting health orgs with ransomware
CISA, the FBI, and the Department of Health and Human Services warned that a cybercrime group known as Daixin Team is actively targeting the U.S. Healthcare and Public Health (HPH) sector in ransomware attacks.
"The Daixin Team is a ransomware and data extortion group that has targeted the HPH Sector with ransomware and data extortion operations since at least June 2022," the advisory revealed.
Since June, Daixin Team attackers have been linked to multiple health sector ransomware incidents where they've encrypted systems used for many healthcare services, including electronic health records storage, diagnostics, imaging services, and intranet services.
The ransomware gang gains access to targets' networks by exploiting known vulnerabilities in the organizations' VPN servers or with the help of compromised VPN credentials belonging to accounts with multi-factor authentication toggled off.
"According to third-party reporting, the Daixin Team's ransomware is based on leaked Babuk Locker source code," the federal agencies added.
In August, CISA and the FBI also warned that attackers known for mainly targeting the healthcare and medical industries with Zeppelin ransomware might encrypt files multiple times, making file recovery more tedious.