A financially motivated data theft and extortion group is attempting to insert itself into the Iran conflict, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran’s time zone or have Farsi set as the default language.
Experts say the wiper campaign against Iran materialized this past weekend and came from a relatively new cybercrime group known as TeamPCP. In December 2025, the group began compromising corporate cloud environments using a self-propagating worm that went after exposed Docker APIs, Kubernetes clusters, Redis servers, and the React2Shell vulnerability. TeamPCP then tried to move laterally through victim networks, siphoning authentication credentials and extorting victims over Telegram.
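Two of the propagation vectors named above, Docker APIs exposed on the network and Redis servers reachable without a password, are plain misconfigurations that an operator can audit on the host itself. The following Python script is an added example, not code from the article, from Aikido, or from Flare: it parses a Docker daemon.json plus dockerd command line and a redis.conf, and flags listeners that an automated worm of this kind could talk to without credentials. The sample configurations are constructed for the example, and the file paths mentioned in the docstring are assumptions to adjust per distribution.

```python
"""Audit two cloud-host exposures named in the article: a Docker daemon API
listening on an unauthenticated TCP socket, and a Redis server reachable from
off-host without a password. Sample configs are constructed for this example;
on a real host read /etc/docker/daemon.json, the running dockerd command line
and /etc/redis/redis.conf (paths assumed, adjust for your distribution)."""
import json
import shlex

LOOPBACK = {"127.0.0.1", "::1", "-::1", "localhost"}


def docker_api_findings(daemon_json, dockerd_cmdline=""):
    """Return (severity, message) pairs for Docker API TCP listeners.

    Listeners can come from the "hosts" key in daemon.json or from -H/--host on
    the dockerd command line, so both are inspected. A tcp:// listener without
    TLS client verification gives any network peer root-equivalent control."""
    cfg = json.loads(daemon_json) if daemon_json.strip() else {}
    hosts = list(cfg.get("hosts", []))
    tls_verify = bool(cfg.get("tlsverify", False))

    argv = shlex.split(dockerd_cmdline)
    for i, tok in enumerate(argv):
        if tok in ("-H", "--host") and i + 1 < len(argv):
            hosts.append(argv[i + 1])
        elif tok.startswith("--host="):
            hosts.append(tok.split("=", 1)[1])
        elif tok in ("--tlsverify", "--tlsverify=true"):
            tls_verify = True

    findings = []
    for h in hosts:
        if not h.startswith("tcp://"):
            continue  # unix:// and fd:// sockets are local-only
        addr = h[len("tcp://"):]
        if tls_verify:
            findings.append(("info", f"docker: tcp listener {addr} requires TLS client certs"))
        else:
            findings.append(("high", f"docker: tcp listener {addr} accepts unauthenticated remote API calls"))
    return findings


def redis_findings(redis_conf):
    """Return (severity, message) pairs for a Redis reachable without auth.

    Mirrors redis.conf semantics: with no 'bind' line Redis listens on every
    interface, but protected-mode (default yes) then refuses non-loopback
    clients as long as no password is set either. An explicit non-loopback
    'bind' bypasses that safety net. Only 'requirepass' counts as
    authentication here (ACL 'user' lines are not parsed, a simplification)."""
    bind = None
    protected = True
    password = False
    port = 6379
    for raw in redis_conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        key, _, value = line.partition(" ")
        key = key.lower()
        if key == "bind":
            bind = value.split()
        elif key == "protected-mode":
            protected = value.strip().lower() == "yes"
        elif key == "requirepass":
            password = bool(value.strip())
        elif key == "port":
            port = int(value.strip())

    if port == 0:
        return [("info", "redis: TCP listener disabled (port 0)")]
    if password:
        return []
    if bind is None:
        if protected:
            return [("info", "redis: no bind line; protected-mode confines clients to loopback, set a password before binding wider")]
        return [("high", f"redis: all interfaces, protected-mode off, no password on port {port}")]
    public = [a for a in bind if a not in LOOPBACK]
    if public:
        return [("high", f"redis: bound to {public} without a password on port {port}")]
    return []


def audit(daemon_json, dockerd_cmdline, redis_conf):
    """Run both checks and return findings with 'high' severity first."""
    found = docker_api_findings(daemon_json, dockerd_cmdline) + redis_findings(redis_conf)
    return sorted(found, key=lambda f: f[0] != "high")


# Constructed sample configurations (not taken from any real host).
DOCKER_EXPOSED = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
DOCKER_TLS = '{"hosts": ["tcp://0.0.0.0:2376"], "tlsverify": true, "tlscacert": "/etc/docker/ca.pem"}'
REDIS_EXPOSED = "bind 0.0.0.0\nprotected-mode no\nport 6379\n"
REDIS_OK = "bind 127.0.0.1 -::1\nprotected-mode yes\nrequirepass REPLACE_WITH_STRONG_SECRET\n"

if __name__ == "__main__":
    for sev, msg in audit(DOCKER_EXPOSED, "", REDIS_EXPOSED):
        print(f"[{sev}] {msg}")
```

Run it as-is to see the two high-severity findings for the exposed samples; swap in DOCKER_TLS and REDIS_OK to see the clean result. The useful design point is that each check reasons about the product's own defaults (protected-mode for Redis, the absence of TLS verification for dockerd) rather than just grepping for port numbers, which is what separates a real exposure from a benign loopback listener.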
A snippet of the malicious CanisterWorm that seeks out and destroys data on systems that match Iran’s timezone or have Farsi as the default language. Image: Aikido.dev.
In a profile of TeamPCP published in January, the security firm Flare said the group weaponizes exposed control planes rather than exploiting endpoints, predominantly targeting cloud infrastructure over end-user devices, with Azure (61%) and AWS (36%) accounting for 97% of compromised servers.
“TeamPCP’s strength does not come from novel exploits or original malware, but from the large-scale automation and integration of well-known attack techniques,” Flare’s Assaf Morag wrote. “The group industrializes existing vulnerabilities, misconfigurations, and recycled tooling into a cloud-native exploitation platform that turns exposed infrastructure into a self-propagating criminal ecosystem.”
On March 19, TeamPCP executed a supply chain attack against the vulnerability scanner Trivy from Aqua Security, injecting credential-stealing malware into official releases on GitHub Actions. Aqua Security said it has since removed the bad files, but the security firm Wiz notes the attackers were able to publish malicious versions that snarfed SSH keys, cloud credentials, Kubernetes tokens and cryptocurrency wallets from users.
Over the weekend, the same technical infrastructure TeamPCP used in the Trivy attack was leveraged to deploy a new malicious payload which executes a wiper attack if the user’s timezone and locale are determined to correspond to Iran, said Charlie Eriksen, a security researcher at Aikido. In a blog post published on Sunday, Eriksen said if the wiper component detects that the victim is in Iran and has access to a Kubernetes cluster, it will destroy data on every node in that cluster.
“If it doesn’t, it will just wipe the local machine,” Eriksen told KrebsOnSecurity.

Image: Aikido.dev.
Aikido refers to TeamPCP’s infrastructure as “CanisterWorm” because the group orchestrates their campaigns using an Internet Computer Protocol (ICP) canister — a system of tamperproof, blockchain-based “smart contracts” that combine both code and data. ICP canisters can serve Web content directly to visitors, and their distributed architecture makes them resistant to takedown attempts. These canisters will remain reachable as long as their operators continue to pay digital currency fees to keep them online.
Eriksen said the people behind TeamPCP are bragging about their exploits in a group on Telegram and claim to have used the worm to steal huge amounts of sensitive data from major companies, including a large multinational pharmaceutical firm.
“When they compromised Aqua a second time, they took a lot of GitHub accounts and started spamming these with junk messages,” Eriksen said. “It was almost like they were just showing off how much access they had. Clearly, they have an entire stash of these credentials, and what we’ve seen so far is probably a small sample of what they have.”
Security experts say the spammed GitHub messages could be a way for TeamPCP to ensure that any code packages tainted with their malware will remain prominent in GitHub searches. In a newsletter published today titled GitHub is Starting to Have a Real Malware Problem, Risky Business reporter Catalin Cimpanu writes that attackers often are seen pushing meaningless commits to their repos or using online services that sell GitHub stars and “likes” to keep malicious packages at the top of the GitHub search page.
This weekend’s outbreak is the second major supply chain attack involving Trivy in as many months. At the end of February, Trivy was hit as part of an automated threat called HackerBot-Claw, which mass exploited misconfigured workflows in GitHub Actions to steal authentication tokens.
Eriksen said it appears TeamPCP used access gained in the first attack on Aqua Security to perpetrate this weekend’s mischief. But he said there is no reliable way to tell whether TeamPCP’s wiper actually succeeded in trashing any data on victim systems, and that the malicious payload was only active for a short time over the weekend.
“They’ve been taking [the malicious code] up and down, rapidly changing it, adding new features,” Eriksen said, noting that when the malicious canister wasn’t serving up malware downloads it was pointing visitors to a Rick Roll video on YouTube.
“It’s a little all over the place, and there’s a chance this whole Iran thing is just their way of getting attention,” Eriksen said. “I feel like these people are really playing this Chaotic Evil role here.”
Cimpanu observed that supply chain attacks have increased in frequency of late as threat actors begin to understand just how efficient they can be, and his post documents an alarming number of these incidents since 2024.
“While security firms appear to be doing a good job spotting this, we’re also gonna need GitHub’s security team to step up,” Cimpanu wrote. “Unfortunately, on a platform designed to copy (fork) a project and create new versions of it (clones), spotting malicious additions to clones of legitimate repos might be quite the engineering problem to fix.”