CISA Warns Against Ransomware Group Daixin Team Targeting Health Organizations


According to CISA, Daixin Team has been using various tools and methods to compromise targets, including remote desktop protocol (RDP) brute-force attacks, phishing emails, and low-privilege user exploits. Once they have gained access to a target network, the group deploys their ransomware payloads. Investigators believe that Daixin Team has developed their own ransomware strain, as well as used off-the-shelf ransomware tools such as Ryuk, Sodinokibi/REvil, Maze, DoppelPaymer, and Conti.

To date, there have been no reports of successful recovery from a Daixin Team attack through paying a ransom. Investigators believe that this is likely because the group uses sophisticated tactics that make it difficult for victims to regain access to their data. As a result, victims who have paid the ransom have often found themselves having to pay again to regain access to their data.

CISA advises all organizations, especially those in the HPH Sector, to take steps to protect themselves from Daixin Team or other similar threats. These steps include patching systems and applications promptly, enabling multifactor authentication whenever possible, conducting regular backups of important data offline, and training employees on cybersecurity awareness.

Daixin Team is a ransomware group that has been actively targeting US businesses, mainly in the Healthcare and Public Health (HPH) Sector. CISA has released a new joint Cybersecurity Advisory (CSA) warning organizations against the group. The CSA was published in conjunction with the Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS).

CISA is the Cybersecurity and Infrastructure Security Agency. CISA is responsible for enhancing the security of America's critical infrastructure and information systems. CISA accomplishes this mission by working with partners to deliver cybersecurity tools, guidance, and incident response assistance; conducting assessments of the cybersecurity posture of critical infrastructure sectors; sharing actionable threat intelligence; and coordinating cybersecurity efforts across federal, state, local, tribal, private sector, and international partners. CISA also leads efforts to secure federal civilian government networks and provides guidance to executive departments and agencies on cybersecurity risks and mitigation strategies. CISA was established in 2018 as a result of the reorganization of the National Protection and Programs Directorate within DHS. CISA is headed by Christopher Krebs, who serves as the Director.