
CISA Warns of Daixin Team Hackers Targeting Health Organizations With Ransomware

by crpt os


U.S. cybersecurity and intelligence agencies have published a joint advisory warning of attacks perpetrated by a cybercrime gang known as the Daixin Team primarily targeting the healthcare sector in the country.

“The Daixin Team is a ransomware and data extortion group that has targeted the HPH Sector with ransomware and data extortion operations since at least June 2022,” the agencies said.

The alert was published Friday by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS).

Over the past four months, the group has been linked to multiple ransomware incidents in the Healthcare and Public Health (HPH) sector, encrypting servers related to electronic health records, diagnostics, imaging, and intranet services.

It’s also said to have exfiltrated personally identifiable information (PII) and protected health information (PHI) as part of a double extortion scheme to secure ransoms from victims.

One of those attacks was aimed at OakBend Medical Center on September 1, 2022, with the group claiming to have siphoned roughly 3.5GB of data, including over one million records with patient and employee information.

It also published a sample containing 2,000 patient records on its data leak site, which included names, genders, dates of birth, Social Security numbers, addresses, and other appointment details, according to DataBreaches.net.

On October 11, 2022, OakBend notified its customers of emails sent by “third-parties” regarding the cyber attack, stating that it is directly informing affected patients, in addition to offering free credit monitoring services for 18 months.

Per the new alert, initial access to targeted networks is achieved by means of virtual private network (VPN) servers, often taking advantage of unpatched security flaws and compromised credentials obtained via phishing emails.


Upon gaining a foothold, the Daixin Team has been observed moving laterally by making use of remote desktop protocol (RDP) and secure shell (SSH), followed by gaining elevated privileges using techniques like credential dumping.

“The actors have leveraged privileged accounts to gain access to VMware vCenter Server and reset account passwords for ESXi servers in the environment,” the U.S. government said. “The actors have then used SSH to connect to accessible ESXi servers and deploy ransomware on those servers.”
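The chain the advisory describes (a privileged account resets an ESXi host's password in vCenter, then SSH is used to reach that host) is something a defender can watch for by correlating vCenter and ESXi events. The following detection logic is an added example written for this article; it is not code from CISA, the FBI, HHS, or VMware. The key=value log format, the host names, the IP addresses, and the timestamps in `SAMPLE_LOG` are all constructed for the example, and the 60-minute window and the jump-host allowlist are assumptions a real deployment would tune to its own environment.

```python
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample events (not real vCenter or ESXi log output). The
# key=value layout is an assumption for this example: a timestamp, the
# source system, an event type, and a few event-specific fields.
SAMPLE_LOG = """\
2022-09-01T02:10:05Z src=vcenter event=password_reset user=svc_backup target_host=esxi-01.hosp.local account=root
2022-09-01T02:11:40Z src=esxi event=ssh_login host=esxi-01.hosp.local account=root from=10.20.30.40
2022-09-01T02:12:02Z src=esxi event=ssh_login host=esxi-02.hosp.local account=root from=10.20.30.40
2022-09-01T09:00:00Z src=vcenter event=password_reset user=vmadmin target_host=esxi-03.hosp.local account=root
2022-09-02T09:05:00Z src=esxi event=ssh_login host=esxi-03.hosp.local account=root from=10.0.0.5
"""

# Assumed allowlist of administrative jump hosts permitted to SSH to ESXi.
APPROVED_SSH_SOURCES = frozenset({"10.0.0.5"})

# Assumed correlation window: a reset followed by SSH within this span is suspicious.
RESET_TO_SSH_WINDOW = timedelta(minutes=60)


@dataclass
class Event:
    ts: datetime
    src: str      # "vcenter" or "esxi"
    event: str    # "password_reset" or "ssh_login"
    fields: dict  # remaining key=value pairs


def parse_line(line: str) -> Event:
    """Parse one constructed key=value log line into an Event."""
    ts_text, *pairs = line.split()
    ts = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    fields = dict(pair.split("=", 1) for pair in pairs)
    return Event(ts, fields.pop("src"), fields.pop("event"), fields)


def parse_log(text: str) -> list[Event]:
    """Parse every non-empty line of the log text."""
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def detect(events: list[Event],
           window: timedelta = RESET_TO_SSH_WINDOW,
           allowed_sources: frozenset = APPROVED_SSH_SOURCES) -> list[tuple[str, str, str]]:
    """Return (severity, host, reason) alerts for the reset-then-SSH pattern.

    Rule 1 (high): an SSH login to an ESXi host as an account whose password
    was reset through vCenter within `window` beforehand.
    Rule 2 (medium): any SSH login to an ESXi host from a source that is not
    an approved jump host.
    """
    alerts: list[tuple[str, str, str]] = []
    latest_reset: dict[tuple[str, str], datetime] = {}  # (host, account) -> reset time

    for ev in sorted(events, key=lambda e: e.ts):
        if ev.src == "vcenter" and ev.event == "password_reset":
            latest_reset[(ev.fields["target_host"], ev.fields["account"])] = ev.ts
        elif ev.src == "esxi" and ev.event == "ssh_login":
            host, account, source = ev.fields["host"], ev.fields["account"], ev.fields["from"]
            reset_ts = latest_reset.get((host, account))
            if reset_ts is not None and ev.ts - reset_ts <= window:
                delay = int((ev.ts - reset_ts).total_seconds())
                alerts.append(("high", host,
                               f"ssh login as {account} {delay}s after vCenter password reset"))
            if source not in allowed_sources:
                alerts.append(("medium", host,
                               f"ssh login as {account} from unapproved source {source}"))
    return alerts


def run_sample() -> list[tuple[str, str, str]]:
    """Run the detector over the constructed sample log."""
    return detect(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for severity, host, reason in run_sample():
        print(f"[{severity.upper()}] {host}: {reason}")
```

On the sample, esxi-01 raises a high alert (root reset in vCenter, SSH as root 95 seconds later) plus a medium one for the unapproved source; esxi-02 raises only the medium alert; esxi-03 raises nothing, because the SSH login is a day after the reset and comes from an approved jump host. In practice the two event streams would be fed from vCenter's event log and the ESXi auth log, and the window and allowlist tuned to how administrators actually reach the hosts.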

What’s more, the Daixin Team’s ransomware is based on another strain called Babuk that was leaked in September 2021, and has been used as a foundation for a number of file-encrypting malware families such as Rook, Night Sky, Pandora, and Cheerscrypt.

As mitigations, it’s recommended that organizations apply the latest software updates, enforce multi-factor authentication, implement network segmentation, and maintain periodic offline backups.

