TeamPCP Weaponizes Cloud Infrastructure and Supply Chain Vulnerabilities to Deploy Data-Wiping Malware Targeting Iranian Systems
The landscape of global cyber warfare has witnessed a significant escalation as a financially motivated threat actor known as TeamPCP has transitioned from traditional data extortion to deploying destructive wiper malware. This group, which emerged prominently in late 2025, has begun injecting itself into geopolitical tensions by launching a self-propagating worm designed to erase data on systems located within Iran or configured with Farsi as the default language. By leveraging a sophisticated blend of cloud-native exploitation and supply chain compromises, TeamPCP has successfully infiltrated major security tools and cloud environments, signaling a dangerous evolution in the tactics of modern cybercriminal organizations.
The Emergence of TeamPCP and the CanisterWorm
TeamPCP first drew the attention of the cybersecurity community in December 2025. Unlike state-sponsored actors that often rely on bespoke zero-day vulnerabilities, TeamPCP distinguishes itself through the "industrialization" of existing flaws and the automation of well-known attack vectors. According to a profile published in January 2026 by the security firm Flare, the group focuses almost exclusively on cloud infrastructure rather than traditional end-user devices. Their methodology involves targeting exposed control planes, specifically focusing on misconfigured Docker APIs, Kubernetes clusters, and Redis servers.
Data indicates that TeamPCP’s operations are heavily weighted toward the most prominent cloud service providers. Flare’s research revealed that approximately 61% of the group’s compromised servers were hosted on Microsoft Azure, while 36% resided on Amazon Web Services (AWS). This 97% concentration on the two largest cloud providers highlights the group’s focus on high-value corporate environments where misconfigurations can lead to widespread lateral movement.
The group’s primary tool for propagation is a sophisticated worm that security researchers at Aikido have dubbed "CanisterWorm." The name is derived from the group’s innovative use of Internet Computer Protocol (ICP) canisters—tamperproof, blockchain-based smart contracts—to host their command-and-control (C2) infrastructure. These canisters are decentralized and highly resistant to traditional takedown efforts, as they remain operational as long as the operators continue to fund them with virtual currency.
The Shift to Destructive Wiper Tactics
While TeamPCP was initially identified as a data theft and extortion group, the past week has seen a pivot toward "Chaotic Evil" behavior, characterized by the deployment of a wiper component. Security researcher Charlie Eriksen of Aikido discovered that the latest iteration of the CanisterWorm includes a localized payload that executes based on the victim’s geographic and linguistic settings.
The malware performs a check of the system’s timezone and default language. If the timezone corresponds to Iran or the language is set to Farsi, the wiper logic is triggered. If the infected system has access to a Kubernetes cluster, the malware attempts to destroy data across every node in that cluster. In cases where no cluster is detected, the malware defaults to wiping the local machine’s storage.
This shift is particularly notable because it lacks a clear financial motive, which had previously defined the group. Experts suggest this may be an attempt by TeamPCP to gain notoriety or to exploit the ongoing geopolitical instability in the region. Eriksen noted that the group has been observed "Rickrolling" visitors to their malicious domains when the malware isn’t being actively served, suggesting a level of performative mischief alongside their destructive capabilities.
High-Profile Supply Chain Attacks: Trivy and KICS
The most alarming aspect of TeamPCP’s recent campaign is their successful exploitation of the software supply chain. In March 2026, the group targeted two major vulnerability scanners: Trivy, developed by Aqua Security, and KICS (Keeping Infrastructure as Code Secure), developed by Checkmarx.
On March 19, TeamPCP executed a supply chain attack against Trivy by injecting credential-stealing malware into official releases via GitHub Actions. This allowed the attackers to intercept sensitive data from users who downloaded the compromised versions, including SSH keys, cloud provider credentials, Kubernetes tokens, and cryptocurrency wallets. Aqua Security responded quickly by removing the harmful files, but the incident highlighted a recurring vulnerability in how GitHub Actions are managed.
The situation escalated on March 23, when security firm Wiz reported that TeamPCP had similarly compromised the KICS scanner. Between 12:58 and 16:50 UTC, malicious code was pushed to the KICS GitHub Action, mirroring the tactics used in the Trivy breach. These incidents represent a significant threat to the DevSecOps community, as tools designed to enhance security were repurposed to facilitate data theft and system destruction.
Chronology of TeamPCP Operations
The rapid progression of TeamPCP’s activities suggests a highly organized and automated operation:
- December 2025: TeamPCP begins large-scale compromises of corporate cloud environments, targeting Docker and Kubernetes via the React2Shell vulnerability and exposed APIs.
- January 2026: Security firms publish the first comprehensive profiles of the group, identifying their focus on Azure and AWS and their use of automated lateral movement for extortion.
- Late February 2026: The Trivy scanner is hit by a separate automated threat known as HackerBot-Claw, setting the stage for subsequent supply chain vulnerabilities.
- March 19, 2026: TeamPCP successfully injects malware into the official Trivy GitHub repository, initiating a major supply chain infection.
- March 22, 2026: Researchers identify the "CanisterWorm" payload targeting Iranian systems with a data-wiping component.
- March 23, 2026: TeamPCP compromises the KICS vulnerability scanner from Checkmarx, further expanding their reach into the developer community.
Technical Analysis of Exploitation Techniques
TeamPCP’s success does not stem from novel exploits but from the relentless automation of existing techniques. The group utilizes "recycled" tooling integrated into a cloud-native platform. Their primary entry points often involve:
- Exposed Docker and Kubernetes APIs: By finding misconfigured control planes, the group can gain immediate administrative access to containerized environments.
- Redis Server Exploitation: Unprotected Redis instances are used to gain initial footholds and move laterally through internal networks.
- Credential Snarfing: Once inside, the worm automatically searches for environment variables,
.sshdirectories, and cloud configuration files to exfiltrate credentials. - ICP Canister Infrastructure: By hosting their malware and C2 on the Internet Computer Protocol, TeamPCP ensures that their infrastructure is distributed and virtually impossible for a single entity to shut down.
Assaf Morag of Flare emphasized that TeamPCP has "industrialized" these vulnerabilities, turning exposed infrastructure into a self-propagating criminal ecosystem. This approach allows them to compromise thousands of servers with minimal manual intervention.
Industry Reactions and the GitHub Malware Problem
The recurring nature of these supply chain attacks has sparked a broader debate about the security of open-source platforms. Catalin Cimpanu of Risky Business recently highlighted that GitHub is facing a systemic malware problem. Attackers are increasingly using techniques like "star-buying" and pushing meaningless commits to keep their malicious repositories at the top of search results.
"While security firms appear to be doing a good job spotting this, we’re also gonna need GitHub’s security team to step up," Cimpanu wrote. He noted that the platform’s core features—forking and cloning—make it difficult to distinguish between legitimate projects and malicious replicas that have been subtly altered.
Aqua Security and Checkmarx have both issued statements regarding the breaches, urging users to verify their versions and rotate any credentials that may have been exposed during the compromise windows. However, the transient nature of TeamPCP’s payloads—which are frequently taken up and down—makes it difficult for organizations to determine the exact extent of the data loss.
Broader Implications and Security Recommendations
The pivot of a financially motivated group like TeamPCP toward destructive wiper attacks suggests a blurring of the lines between cybercrime and cyber warfare. For organizations operating in or around geopolitical conflict zones, the risk profile has changed; it is no longer just about protecting against theft, but also against total data loss.
To mitigate the risks posed by groups like TeamPCP, security experts recommend several critical steps:
- Secure Cloud Control Planes: Ensure that Docker APIs and Kubernetes clusters are not exposed to the public internet and require robust authentication.
- Monitor GitHub Actions: Organizations should implement strict controls over the GitHub Actions they use, pinning them to specific commit SHAs rather than mutable tags.
- Credential Rotation: In the wake of any supply chain incident involving security scanners, organizations must assume all credentials used by those scanners are compromised and initiate a full rotation.
- Geographic Data Redundancy: Given the emergence of wipers targeting specific locales, maintaining off-site, immutable backups is essential for disaster recovery.
As TeamPCP continues to brag about their exploits on Telegram, claiming to have stolen data from multinational pharmaceutical firms and major tech entities, the cybersecurity community remains on high alert. The group’s ability to rapidly weaponize cloud infrastructure and supply chain vulnerabilities represents a formidable challenge for global digital defenses.
Related posts:
