From 0391d3f3a53bbd2d3ae101b1121b20590b9b92a6 Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Fri, 1 Dec 2023 16:21:53 -0800
Subject: [PATCH] [threat-actors] Add Daixin Team

---
 clusters/threat-actor.json | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 8b56512..26a0384 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13625,6 +13625,20 @@
       },
       "uuid": "dae45b1c-f957-4242-aa5b-f36b08994bad",
       "value": "ScamClub"
+    },
+    {
+      "description": "Daixin is a threat actor group that has been active since at least June 2022. They primarily target the healthcare and public health sector with ransomware attacks, stealing sensitive data and threatening to release it if a ransom is not paid. They have successfully targeted various industries, including healthcare, aerospace, automotive, and packaged foods. Daixin gains initial access through VPN servers and exploits vulnerabilities or uses phishing attacks to obtain credentials. They have been responsible for cyberattacks on organizations such as the North Texas Municipal Water District and TransForm Shared Service Org, impacting their networks and stealing customer and patient information.",
+      "meta": {
+        "refs": [
+          "https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-294a",
+          "https://www.mycert.org.my/portal/details?menu=431fab9c-d24c-4a27-ba93-e92edafdefa5&id=467c2374-9c18-4fb0-b5a7-155dfca4d611",
+          "https://www.databreaches.net/b-files-leaked/",
+          "https://titaniam.io/ransomware-prevention-daixin-team-ransomware-group/",
+          "https://www.databreaches.net/update-daixin-leaks-more-data-from-bluewater-health-and-other-hospitals-databases-yet-to-be-leaked/"
+        ]
+      },
+      "uuid": "5e32baed-f4b5-4149-8540-7515ad8c4dc0",
+      "value": "Daixin Team"
     }
   ],
   "version": 295