TeamPCP, a financially motivated cybercrime group, launched a destructive wiper campaign targeting systems configured with Iran's timezone or a Farsi locale. This activity, observed since March 2026, leverages a self-propagating worm dubbed "CanisterWorm" that spreads through exposed cloud services and wipes data on infected hosts.

Delivery Mechanism

TeamPCP employs automated exploitation of exposed cloud control planes, focusing on Docker APIs, Kubernetes clusters, Redis servers, and the React2Shell vulnerability (CVE-2022-29464). The group initially compromised corporate cloud environments starting December 2025, primarily targeting Azure (61%) and AWS (36%) infrastructure. In March 2026, TeamPCP executed a supply chain attack on Aqua Security's Trivy vulnerability scanner by injecting credential-stealing malware into official GitHub Action releases. This malware harvested SSH keys, cloud credentials, Kubernetes tokens, and cryptocurrency wallets.

Capabilities

The CanisterWorm infrastructure utilizes Internet Computer Protocol (ICP) canisters, blockchain-based smart contracts that provide tamper-resistant, distributed command and control (C2) capabilities. This design keeps malicious payloads available for as long as the associated virtual currency fees are paid, so takedown of a single hosting provider does not remove them. Upon infection, the worm checks whether the victim's system is set to Iran's timezone or the Farsi language. If so and Kubernetes clusters are present, CanisterWorm wipes data across all cluster nodes; absent Kubernetes, it destroys data on the local machine.

TeamPCP also conducts lateral movement within victim networks to exfiltrate credentials and sensitive data. Extortion attempts are conducted via Telegram channels where the group boasts of compromising large multinational corporations, including pharmaceutical companies.

Affected Platforms

The campaign targets cloud infrastructure predominantly on Microsoft Azure and Amazon Web Services. Compromises involve container orchestration platforms (Kubernetes), container runtimes (Docker), and key-value stores (Redis). End-user devices are less frequently targeted, with emphasis on cloud-native environments.

Detection Signatures

  • Network traffic to ICP canister endpoints associated with CanisterWorm.
  • Unusual activity exploiting Docker API, Kubernetes API, and Redis server vulnerabilities.
  • Presence of malicious Trivy versions in GitHub Actions workflows.
  • Bulk exfiltration attempts of SSH keys, cloud credentials, and Kubernetes tokens.
  • Sudden deletion or corruption of data on hosts with Iran timezone or Farsi locale configuration.
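The third signature above ("presence of malicious Trivy versions in GitHub Actions workflows") can be checked from the repository side without network access. The following is an added example, not code from the original page or from Aqua Security: it scans workflow YAML for references to the Trivy actions and flags any that are pinned to a mutable tag or branch rather than a full commit SHA, or that match a known-bad release list. The page does not name the malicious release tags, so KNOWN_BAD_REFS holds a placeholder the operator replaces from the vendor advisory; the action names and the sample workflow are constructed for illustration.

```python
"""Audit GitHub Actions workflow text for Trivy action references.

Added example for the detection signature on this page; the sample workflow,
the action-name list and the KNOWN_BAD_REFS placeholder are constructed.
"""
import re
from typing import Dict, List

# Placeholder: populate from the vendor advisory. The page lists no specific
# malicious release tags, so no real value is assumed here.
KNOWN_BAD_REFS = {"v0.0.0-placeholder-bad"}

# Assumption: the Trivy-related actions an organization expects in workflows.
TRIVY_ACTIONS = ("aquasecurity/trivy-action", "aquasecurity/setup-trivy")

# Matches "uses: owner/repo@ref" whether or not it starts a list item.
USES_RE = re.compile(
    r"^[ \t]*-?[ \t]*uses:[ \t]*['\"]?([^@\s'\"]+)@([^\s'\"#]+)", re.M
)
# An immutable pin is a full 40-hex-digit commit SHA.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_workflow(text: str) -> List[Dict[str, str]]:
    """Return one finding per Trivy action reference that is not safely pinned."""
    findings = []
    for m in USES_RE.finditer(text):
        action, ref = m.group(1), m.group(2)
        if not action.startswith(TRIVY_ACTIONS):
            continue
        if ref in KNOWN_BAD_REFS:
            findings.append({"action": action, "ref": ref, "issue": "known-bad"})
        elif not SHA_RE.match(ref):
            # Tags and branches can be moved after the fact; a supply-chain
            # attacker who can push a tag can swap the action body underneath.
            findings.append({"action": action, "ref": ref, "issue": "mutable-ref"})
    return findings


# Constructed sample workflow: one mutable pin, one SHA pin, one known-bad tag.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Trivy
        uses: aquasecurity/trivy-action@master
      - uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567
      - uses: aquasecurity/setup-trivy@v0.0.0-placeholder-bad
"""

if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE_WORKFLOW):
        print(f"{finding['issue']}: {finding['action']}@{finding['ref']}")
```

Run against every file under .github/workflows/ in each repository; a "mutable-ref" finding is the condition that let a tampered release reach CI, and a "known-bad" finding means the pipeline ran the compromised version and its secrets should be rotated.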

Removal Guidance

  • Immediately revoke and rotate compromised credentials, including SSH keys and cloud access tokens.
  • Audit and secure cloud control planes, particularly Docker APIs, Kubernetes clusters, and Redis servers.
  • Update to the latest official versions of Trivy obtained directly from Aqua Security after removal of malicious releases.
  • Monitor GitHub repositories and CI/CD pipelines for unauthorized workflow modifications.
  • Utilize endpoint detection and response (EDR) tools to detect anomalous wiper activity.
  • Block network communications to identified ICP canister domains.
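The second item above ("audit and secure cloud control planes") is concrete enough to script for two of the three services named. The following is an added example, not code from the original page or from any vendor it mentions: it parses a Docker daemon.json and a redis.conf and reports the settings that expose the service as an unauthenticated control plane, with a weak configuration beside its hardened counterpart. The sample configurations are constructed; the daemon.json keys (hosts, tlsverify, tlscacert) and redis.conf directives (bind, protected-mode, requirepass) are the real ones, but the thresholds applied are this example's own assumptions. Kubernetes API server settings are not covered here.

```python
"""Audit Docker daemon and Redis configuration for exposed control planes.

Added example for the removal guidance on this page; sample configs are
constructed and the checks are assumptions about what "secured" means.
"""
import json
from typing import List


def audit_docker_daemon(daemon_json: str) -> List[str]:
    """Flag TCP listeners for the Docker API that lack TLS client verification."""
    cfg = json.loads(daemon_json)
    issues = []
    tcp_hosts = [h for h in cfg.get("hosts", []) if h.startswith("tcp://")]
    if tcp_hosts:
        # Without tlsverify and a CA, anyone who can reach the port has root
        # on the host through the container runtime.
        if not cfg.get("tlsverify") or not cfg.get("tlscacert"):
            issues.append(f"docker: TCP API {tcp_hosts} without TLS client verification")
        for h in tcp_hosts:
            if h.startswith(("tcp://0.0.0.0", "tcp://[::]")):
                issues.append(f"docker: API bound to all interfaces ({h})")
    return issues


def audit_redis_conf(conf: str) -> List[str]:
    """Flag a Redis that is reachable from all interfaces without authentication."""
    settings = {}
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        settings.setdefault(key.lower(), []).append(value.strip())
    issues = []
    # Redis listens on all interfaces when no bind directive is present.
    binds = settings.get("bind", ["0.0.0.0"])[-1].split()
    if any(b in ("0.0.0.0", "::", "*", "-::*") for b in binds):
        issues.append(f"redis: bound to all interfaces (bind {' '.join(binds)})")
    if settings.get("protected-mode", ["yes"])[-1].lower() == "no":
        issues.append("redis: protected-mode disabled")
    if "requirepass" not in settings:
        issues.append("redis: no requirepass configured")
    return issues


# Constructed samples: the weak form beside the hardened form.
WEAK_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
HARDENED_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})
WEAK_REDIS_CONF = """\
bind 0.0.0.0
protected-mode no
port 6379
"""
HARDENED_REDIS_CONF = """\
# loopback only; placeholder password, replace before use
bind 127.0.0.1 -::1
protected-mode yes
requirepass REPLACE-WITH-STRONG-SECRET
"""

if __name__ == "__main__":
    for name, issues in (
        ("weak daemon.json", audit_docker_daemon(WEAK_DAEMON_JSON)),
        ("hardened daemon.json", audit_docker_daemon(HARDENED_DAEMON_JSON)),
        ("weak redis.conf", audit_redis_conf(WEAK_REDIS_CONF)),
        ("hardened redis.conf", audit_redis_conf(HARDENED_REDIS_CONF)),
    ):
        print(name, "->", issues or "ok")
```

Run the audit from the host itself (or from a configuration-management inventory) rather than by probing ports, so the check is independent of whatever network path an attacker used; a Docker TCP listener or Redis bind that a finding reports on an internet-facing instance matches the initial-access pattern described for this campaign.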

Security vendors such as Flare and Wiz have analyzed TeamPCP's tactics, noting their industrialized use of known vulnerabilities rather than novel exploits. Organizations with cloud infrastructure in or near Iran should prioritize detection and mitigation of this threat to prevent data loss and extortion.

References:

  • Flare's TeamPCP Cloud-Native Ransomware Analysis
  • Aikido's CanisterWorm Technical Breakdown
  • Wiz Security report on Trivy Supply Chain Attack
  • Aqua Security's mitigation and Trivy cleanup