Wiper Targets Iran Through Compromised Vulnerability Scanners

Cybercrime group injected malware into Trivy and KICS scanners that wipes data on Iranian systems and installs backdoors everywhere else

Malicious code targeting Iran timezone
TeamPCP's wiper checks the victim's timezone and language settings, then either destroys data or installs backdoors depending on location

A cybercrime group deployed a wiper attack targeting Iran over the weekend. The malware spreads through poorly secured cloud services and destroys data on infected systems that use Iran's time zone or have Farsi set as the default language.

The wiper campaign came from TeamPCP, a financially motivated data theft and extortion group that started operations in December 2025. The group compromises corporate cloud environments using a self-propagating worm that targets exposed Docker APIs, Kubernetes clusters, Redis servers, and the React2Shell vulnerability. TeamPCP moves laterally through victim networks, steals authentication credentials, and extorts victims over Telegram.

Security firm Flare profiled TeamPCP in January and found the group weaponizes exposed control planes rather than exploiting endpoints, predominantly targeting cloud infrastructure over end-user devices. Azure accounts for 61% of compromised servers and AWS accounts for 36%. "TeamPCP's strength does not come from novel exploits or original malware, but from the large-scale automation and integration of well-known attack techniques," wrote Flare's Assaf Morag. "The group industrializes existing vulnerabilities, misconfigurations, and recycled tooling into a cloud-native exploitation platform that turns exposed infrastructure into a self-propagating criminal ecosystem."

On March 19, TeamPCP executed a supply chain attack against the vulnerability scanner Trivy from Aqua Security, injecting credential-stealing malware into official releases on GitHub. Aqua Security removed the harmful files but security firm Wiz notes the attackers published malicious versions that stole SSH keys, cloud credentials, Kubernetes tokens and cryptocurrency wallets from users. Over the weekend, the same infrastructure TeamPCP used in the Trivy attack deployed a new malicious payload that executes a wiper attack if the user's timezone and locale correspond to Iran. Charlie Eriksen, a security researcher at Aikido, said if the wiper detects the victim is in Iran and has access to a Kubernetes cluster, it destroys data on every node in that cluster. If not, it wipes the local machine.

The malware's decision tree is simple and brutal. Kubernetes plus Iran equals deploy a wiper that destroys every node in the cluster. Kubernetes plus elsewhere equals deploy a backdoor on every node. No Kubernetes plus Iran equals run rm -rf with no-preserve-root to wipe the local system. No Kubernetes plus elsewhere equals exit and do nothing. Aikido refers to TeamPCP's infrastructure as CanisterWorm because the group orchestrates campaigns using an Internet Computer Protocol canister, a system of tamperproof, blockchain-based smart contracts that combine code and data. ICP canisters can serve web content directly to visitors and their distributed architecture makes them resistant to takedown attempts. The canisters remain reachable as long as operators continue paying virtual currency fees.

Eriksen said the people behind TeamPCP are bragging about their exploits in a Telegram group and claim to have used the worm to steal vast amounts of sensitive data from major companies, including a large multinational pharmaceutical firm. "When they compromised Aqua a second time, they took a lot of GitHub accounts and started spamming these with junk messages. It was almost like they were just showing off how much access they had. Clearly, they have an entire stash of these credentials, and what we've seen so far is probably a small sample of what they have." Security experts say the spammed GitHub messages could be a way for TeamPCP to ensure code packages tainted with their malware remain prominent in GitHub searches. Risky Business reporter Catalin Cimpanu wrote that attackers often push meaningless commits to their repos or use online services that sell GitHub stars and likes to keep malicious packages at the top of the GitHub search page.

This weekend's outbreak is the second major supply chain attack involving Trivy in two months. At the end of February, Trivy was hit as part of an automated threat called HackerBot-Claw, which mass exploited misconfigured workflows in GitHub Actions to steal authentication tokens. Eriksen said it appears TeamPCP used access gained in the first attack on Aqua Security to perpetrate this weekend's attack. There is no reliable way to tell whether TeamPCP's wiper succeeded in trashing any data from victim systems. The malicious payload was only active for a short time over the weekend. "They've been taking the malicious code up and down, rapidly changing it, adding new features. When the malicious canister wasn't serving up malware downloads, it was pointing visitors to a Rick Roll video on YouTube. It's a little all over the place, and there's a chance this whole Iran thing is just their way of getting attention. I feel like these people are really playing this Chaotic Evil role here."

Cimpanu observed that supply chain attacks have increased in frequency as threat actors grasp how efficient they can be. His post documents an alarming number of these incidents since 2024. "While security firms appear to be doing a good job spotting this, we're also gonna need GitHub's security team to step up. Unfortunately, on a platform designed to copy a project and create new versions of it, spotting malicious additions to clones of legitimate repos might be quite the engineering problem to fix." Wiz reported that TeamPCP also pushed credential-stealing malware to the KICS vulnerability scanner from Checkmarx. The scanner's GitHub Action was compromised between 12:58 and 16:50 UTC on March 23.
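A compromise window like the one reported for the KICS action raises two questions for anyone running CI: which workflows pull scanner actions by a mutable tag that an attacker could repoint, and which runs actually executed inside the window. The script below is an added illustration written for this article, not code from Aqua Security, Checkmarx, Wiz or TeamPCP. The workflow text, action names (example-org/...), run records and the year (assumed to be 2026, since the article places the campaign after December 2025) are all constructed; the 12:58 to 16:50 UTC window is the one the article reports for March 23.

```python
import re
from datetime import datetime, timezone

# Constructed sample workflow (not any real project's file). Two of the three
# references use mutable tags; the third is pinned to a full commit SHA.
SAMPLE_WORKFLOW = """
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run IaC scanner
        uses: example-org/iac-scanner-action@v2   # placeholder action name
      - name: Run container scanner
        uses: example-org/container-scanner-action@0123456789abcdef0123456789abcdef01234567
"""

# Matches the `uses:` key on a step line and captures the owner/repo@ref spec.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)", re.MULTILINE)
# A full 40-hex-character commit SHA cannot be silently repointed like a tag can.
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def extract_action_refs(workflow_text):
    """Return (action, ref) pairs for every `uses:` line that carries an @ref."""
    refs = []
    for match in USES_RE.finditer(workflow_text):
        spec = match.group(1)
        if "@" not in spec:
            continue  # local actions (./path) carry no ref to audit
        action, ref = spec.rsplit("@", 1)
        refs.append((action, ref))
    return refs


def is_pinned_to_sha(ref):
    """True when the reference is a full commit SHA rather than a tag or branch."""
    return bool(FULL_SHA_RE.match(ref))


def unpinned_actions(workflow_text):
    """Actions referenced by a mutable tag or branch, in file order."""
    return [a for a, r in extract_action_refs(workflow_text) if not is_pinned_to_sha(r)]


# Compromise window reported for the KICS action (year assumed: 2026).
WINDOW_START = datetime(2026, 3, 23, 12, 58, tzinfo=timezone.utc)
WINDOW_END = datetime(2026, 3, 23, 16, 50, tzinfo=timezone.utc)


def runs_in_window(run_records, start=WINDOW_START, end=WINDOW_END):
    """Given (run_id, iso_timestamp, action_ref) records pulled from a CI audit
    log, return the run ids that resolved a mutable reference inside the window.
    Runs pinned to a SHA are excluded: a retagged release cannot reach them."""
    hits = []
    for run_id, ts, action_ref in run_records:
        when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        _, ref = action_ref.rsplit("@", 1)
        if start <= when <= end and not is_pinned_to_sha(ref):
            hits.append(run_id)
    return hits


# Constructed audit-log records: one run before the window, two inside it
# (one unpinned, one SHA-pinned), one after it.
SAMPLE_RUNS = [
    ("run-101", "2026-03-23T11:40:00Z", "example-org/iac-scanner-action@v2"),
    ("run-102", "2026-03-23T13:05:00Z", "example-org/iac-scanner-action@v2"),
    ("run-103", "2026-03-23T14:20:00Z",
     "example-org/container-scanner-action@0123456789abcdef0123456789abcdef01234567"),
    ("run-104", "2026-03-23T17:10:00Z", "example-org/iac-scanner-action@v2"),
]

if __name__ == "__main__":
    print("unpinned:", unpinned_actions(SAMPLE_WORKFLOW))
    print("runs to triage:", runs_in_window(SAMPLE_RUNS))
```

The output of the triage is a list of runs whose job logs and downstream secrets deserve a closer look, not proof of compromise. Two caveats follow from the article itself: pinning to a SHA only defends against a retagged action, so it would not have helped users who downloaded tampered Trivy release binaries, and the pinned SHA still needs to be one you reviewed, since an attacker with repository write access can push a malicious commit and advertise its hash.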

TeamPCP operates by compromising cloud infrastructure through exposed APIs and misconfigurations, then uses that access to inject malware into legitimate software distribution channels. The group stole credentials from Aqua Security's vulnerability scanner Trivy and used those credentials to push malicious code into official releases. Users who ran the compromised scanner had their SSH keys, cloud credentials, and cryptocurrency wallets stolen. TeamPCP then used that same access to deploy a wiper targeting Iranian systems. The wiper checks the victim's timezone and language settings. If both match Iran, it destroys data. If the victim has access to a Kubernetes cluster, it wipes every node. If not, it wipes the local machine. Systems outside Iran get infected with a backdoor instead of wiped. The malware spreads automatically through poorly secured cloud services, creating a self-propagating attack that requires no additional action from TeamPCP once deployed.

Supply chain attacks work because users trust official software repositories. When TeamPCP compromises a vulnerability scanner like Trivy and injects malware into official releases on GitHub, users download and run the malicious code thinking it's legitimate. The same infrastructure used for software distribution becomes infrastructure for malware distribution. GitHub's design makes this worse. The platform is built for copying and modifying code. Spotting malicious additions to clones of legitimate repositories is difficult when cloning and modifying is the intended use case. TeamPCP uses blockchain-based canisters to host their command and control infrastructure. These canisters are resistant to takedowns because they run on distributed networks rather than centralized servers. Law enforcement cannot seize them. Security researchers cannot disable them. The canisters stay online as long as TeamPCP pays the fees. The group can modify the malware, change targets, or serve Rick Roll videos at will. The infrastructure adapts faster than defenders can respond.

FAQ

What is TeamPCP?

TeamPCP is a financially motivated cybercrime group that started operations in December 2025. The group compromises corporate cloud environments using self-propagating worms that target exposed Docker APIs, Kubernetes clusters, and Redis servers, then steals credentials and extorts victims.

How does the Iran wiper work?

The malware checks the victim's timezone and language settings. If both match Iran and the victim has Kubernetes access, it wipes every node in the cluster. If not, it wipes the local machine. Systems outside Iran get a backdoor installed instead.

What vulnerability scanners were compromised?

TeamPCP injected credential-stealing malware into Trivy from Aqua Security on March 19 and KICS from Checkmarx on March 23. The malicious versions stole SSH keys, cloud credentials, Kubernetes tokens, and cryptocurrency wallets from users who ran the scanners.

What is CanisterWorm?

CanisterWorm is the infrastructure TeamPCP uses to orchestrate campaigns. The group uses Internet Computer Protocol canisters, tamperproof blockchain-based smart contracts that serve web content and resist takedown attempts because they run on distributed networks.

Did the wiper successfully destroy data?

There is no reliable way to tell. The malicious payload was only active for a short time over the weekend. TeamPCP rapidly changed the code and alternated between serving malware and Rick Roll videos, suggesting the Iran attack may have been a publicity stunt.