The US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) have issued a joint alert about a new cybercrime group called Daixin Team that targets organizations in the healthcare sector. The agencies state that the threat actor has been active since June 2022 and targets organizations in the US with ransomware based on the Babuk source code. The authorities state that the cybercrime group has also engaged in data theft and extortion.
The agencies have observed the group compromising victims’ networks to deploy ransomware on healthcare organizations’ servers, including those for electronic health records, imaging, and other services. The group also seeks to steal sensitive patient health information and personally identifiable information. This data is later used as leverage to extort victims.