Exfiltration
- RClone
Daixin Team is a ransomware and data-extortion threat actor active since at least 2022 and known primarily for targeting healthcare organizations, though victims have also included transportation and aviation-sector entities.
Profile source: Mallory opens in a new tabDaixin Team
Daixin Team is a ransomware and data-extortion threat actor active since at least 2022 and known primarily for targeting healthcare organizations, though victims have also included transportation and aviation-sector entities. The group is associated with financially motivated intrusions involving unauthorized network access, theft of sensitive data, extortion, and public leak threats. Reported victims include hospitals in the United States, ambulance and emergency medical services providers, and AirAsia Group.
Daixin Team has been linked to attacks in which data theft is confirmed and extortion pressure is applied through threatened or actual publication of stolen information. The group has been publicly associated with breaches affecting OakBend Medical, Fitzgibbon Hospital, Acadian Ambulance Service, and AirAsia Group. In healthcare intrusions, the actor has been reported to target organizations holding large volumes of patient and operational data, increasing leverage during ransom negotiations.
The actor is commonly referenced as Daixin Team, with aliases including Daixin, Daixin Group, and Daixin Team. Available reporting consistently characterizes the group as a ransomware operation rather than a state-sponsored espionage actor. High-confidence public information indicates a focus on financially motivated attacks and leak-site style extortion, but detailed, consistently corroborated information about its internal structure, geographic origin, sub-groups, or distinctive malware tradecraft remains limited in the provided material.
Ransomware.live
Derp wouldn't exist without the work these projects do for the security community. We rely on their data sources to improve the quality and depth of what we publish. Thank you, we're genuinely grateful.