CISA Warns of Daixin Team Hackers Targeting Health Organizations With Ransomware

U.S. cybersecurity and intelligence agencies have published a joint advisory warning of attacks perpetrated by a cybercrime gang known as the Daixin Team primarily targeting the healthcare sector in the country.
"The Daixin Team is a ransomware and data extortion group that has targeted the HPH Sector with ransomware and data extortion operations since at least June 2022," the agencies said.
Over the past four months, the group has been linked to multiple ransomware incidents in the Healthcare and Public Health sector, encrypting servers related to electronic health records, diagnostics, imaging, and intranet services.
Upon gaining a foothold, the Daixin Team has been observed moving laterally using Remote Desktop Protocol (RDP) and Secure Shell (SSH), then gaining elevated privileges using techniques like credential dumping.
"The actors have then used SSH to connect to accessible ESXi servers and deploy ransomware on those servers."
What's more, the Daixin Team's ransomware is based on another strain called Babuk, which was leaked in September 2021 and has been used as a foundation for a number of file-encrypting malware families such as Rook, Night Sky, Pandora, and Cheerscrypt.
News URL
https://thehackernews.com/2022/10/cisa-warns-of-daixin-team-hackers.html