The Cybersecurity & Infrastructure Security Agency (CISA), Department of Health and Human Services (HHS), and the Federal Bureau of Investigation are warning of the Daixin ransomware group (aka “Daixin Team”). Daixin are a cybercriminal group targeting US businesses, mostly in the healthcare industry vertical.
The Daixin team are repeatedly targeting healthcare businesses with ransomware attacks and extortion.
Since June 2022, Daixin has been charged with deploying ransomware onto services critical for healthcare services, such as “electronic health records services, diagnostics services, imaging services and intranet services,” according to CISA.
The cyber criminal group has also exfiltrated data from healthcare systems including patient personally identifiable information, patient health information, and threaten to release the data if ransoms are not paid.
According to CISA, the attacks typically enter the target network through a virtual private network (VPN) connection, and embed themselves on the network by exploiting vulnerabilities.
Some attacks also leverage stolen credentials where multi-factor authentication (MFA) are not utilized to secure the user login access.
Further network attacks persist across VMware vCenter Server, and resetting account passwords for ESXi servers in the environment.
Ransomware continues to rip through the healthcare system on a global level. Earlier this month, CommonSpirit Health, the second-largest non-profit hospital chain in the US suffered a ransomware attack. Researchers with Recorded Future found that 25% of all ransomware attacks in 2022 affect the healthcare industry.
Earlier today, we also reported on Medibank, and Australian health insurance firm that suffered a cybersecurity breach.
Full attack indicators of compromise and further details are available on the joint-agency announcement on CISA.gov.
