The FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and HHS released a joint cybersecurity advisory providing information on a cybercrime group called “Daixin Team.” This group is currently targeting U.S. businesses in the public health and healthcare sectors, using ransomware and other data extortion methods.
The Daixin Team deploys ransomware to encrypt servers that manage healthcare services, including diagnostic, imaging, and electronic medical record services. This group gains initial access through virtual private network (VPN) servers, particularly servers without multifactor authentication. The advisory details various tactics used to infiltrate vulnerable servers.
To defend against Daixin Team and other malicious activity, the FBI, CISA, and HHS make numerous recommendations, including urging healthcare and public health sector organizations to promptly install updates for software, firmware, and operating systems; to secure and monitor Remote Desktop Protocol (RDP); to secure PII/PHI where it is collected; and to encrypt data, both in transit and at rest.