US healthcare organizations targeted by Daixin Team ransomware

Threat Level

Actor Report

For a detailed threat advisory, download the pdf file here

Summary

Daixin Team ransomware, and data extortion group has been gaining initial access to victims through virtual private networks (VPN) servers since June 2022, either by exploiting an unpatched vulnerability in the organization’s VPN server or using compromised credentials to access a legacy VPN server in order to deploy ransomware and exfiltrate data.