#StopRansomware: Daixin Team

The Daixin Team is a ransomware and data extortion group that has targeted the Healthcare and Public Health (HPH) Sector since at least June 2022. Since then, Daixin Team cybercrime actors have caused ransomware incidents at multiple HPH Sector organizations.

Daixin Team actors are likely based in China and appear to be an experienced group of threat actors who will continue to conduct their activity until they are successfully identified and brought to justice.

Daixin Team campaign timeline:

June 16, 2022 - Cisco Talos observed a targeted attack against an HPH Sector hospital in Hong Kong by a previously unknown threat actor named Daixin Team. The cybercrime group used spear phishing with malicious Microsoft Word attachments containing a malicious Visual Basic Scripting (.vbs) file that was designed to exploit the vulnerability CVE-2012-0158. The .vbs file was dropped in the “Compressed Folder”, a special folder that is specific to Office 2013. In addition, the HPH Sector organization received an email message from what appeared to be a legitimate law firm asking the HPH Sector organization to download a file attached to the email message. The actor later asked for their payment in order to “undo” some of their work.

September 1, 2022 - A second attack by Daixin Team was observed targeting an IT facility in Hong Kong. It used spear phishing with malicious Microsoft Word attachments containing malicious Visual Basic Scripting (.vbs) files designed to exploit CVE-2012-0158.

September 23, 2022 - A third attack by Daixin Team was observed targeting a different HPH Sector organization in Hong Kong. It used an email message asking the HPH Sector organization to download a file attached to the email message.

September 24, 2022 - A fourth attack by Daixin Team was observed targeting a different HPH Sector organization in Hong Kong. It used spear phishing with malicious Microsoft Excel attachments containing malicious Visual Basic Scripting (.vbs) files designed to exploit CVE-2012-0158.

October 19, 2022 - A fifth attack by Daixin Team was observed targeting a different HPH Sector organization in Hong Kong. It used spear phishing with malicious Microsoft Excel attachments containing malicious Visual Basic Scripting (.vbs) files designed to exploit CVE-2012-0158.

November 1, 2022 - A sixth attack by Daixin Team was observed targeting an IT facility in Hong Kong. It used spear phishing with malicious Microsoft Word attachments containing malicious Visual Basic Scripting (.vbs) files designed to exploit CVE-2012-0158.

November 4, 2022 - A seventh attack by Daixin Team was observed targeting a different HPH Sector organization in Hong Kong. It used spear phishing with malicious Microsoft Word attachments containing malicious Visual Basic Scripting (.vbs) files designed to exploit CVE-2012-0158.

Source: #StopRansomware: Daixin Team - AlienVault - Open Threat Exchange
