
Daixin Team

Also known as: Daixin Team

Daixin Team is a ransomware threat actor observed targeting healthcare and other sectors for financial gain, data theft, and extortion. Reporting directly links the group to multiple healthcare intrusions, including breaches at OakBend Medical, Fitzgibbon Hospital, at least one additional U.S. hospital in 2022, and a 2024 attack on Acadian Ambulance Service. In the Acadian Ambulance case, the group claimed responsibility for the ransomware attack, demanded $7 million, and alleged theft of information on 10 million patients; separate breach reporting listed the incident as a Daixin Team hacking incident with confirmed data theft affecting 2,896,985 individuals. Reporting also states that Daixin Team attacked AirAsia Group in 2022, with data from almost 5 million passengers and employees reportedly stolen. The group conducts ransomware operations involving data theft and threats to leak stolen information. No additional aliases or sub-groups are directly supported by the reporting beyond the name Daixin Team.


OPERATIONAL PROFILE

Targeting

Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.

Who they target

Sectors the actor has been observed targeting.

  • healthcare

MITRE ATT&CK

Tradecraft

1 distinct technique observed across reporting, grouped by tactic.

1 of 15 tactics, 1 technique. ×N = number of intelligence reports citing this technique.

  • TA0010 Exfiltration (1 technique)
      • T1020 Automated Exfiltration (×2)