Health-ISAC contributed to a recent CSA issued by FBI, CISA, and HHS
#StopRansomware: Daixin Team
View full advisory here: https://www.cisa.gov/uscert/ncas/alerts/aa22-294a
Pdf version:
aa22-294a-stopransomware-daixin-team_10-21-22v2_CLEAN
Text Version:
TLP:WHITE
SUMMARY
Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources.
The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Department of Health and Human Services (HHS) are releasing this joint CSA to provide information on the “Daixin Team,” a cybercrime group that is actively targeting U.S. businesses, predominantly in the Healthcare and Public Health (HPH) Sector, with ransomware and data extortion operations.
This joint CSA provides TTPs and IOCs of Daixin actors obtained from FBI threat response activities and third-party reporting.
Actions to take today to mitigate cyber threats from ransomware:
• Install updates for operating systems, software, and firmware as soon as they are released.
- – Require phishing-resistant MFA for as many services as possible.
- – Train users to recognize and report phishing attempts.