The FBI and other agencies are warning of a rise in Daixin Team ransomware and data extortion attacks on healthcare providers.
The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Department of Health and Human Services (HHS) has
issued a joint warning about Daixin Team activity against the healthcare and public health sector since June 2022.
The group has used ransomware to encrypt servers providing services for electronic health records, diagnostics, imaging, and intranet. They have also exfiltrated personal identifiable information and patient health information.
The agencies are warning health providers to secure VPN servers as this was how the group gained access to previous targets, including exploiting an unpatched flaw in the victim's VPN server. In another confirmed case, the actors used previously compromised credentials to access a legacy VPN server where multi-factor authentication (MFA) was not enabled. The actors are believed to have acquired the VPN credentials through a phishing email with a malicious attachment.
www.zdnet.com
![[correlate]](/data/avatars/s/79/79653.jpg?1556985072){kind=avatar}