
8 Critical Insights Into TeamPCP's CanisterWorm Wiper Campaign Against Iran

Published 2026-05-04 13:48:05 · Cybersecurity

In a bold escalation of cyber conflict, a financially driven crime group known as TeamPCP has launched a wiper campaign that specifically targets systems tied to Iran. The malware, dubbed CanisterWorm, spreads through vulnerable cloud services and destroys data on machines configured with Iran's time zone or the Farsi language. This attack marks a dangerous fusion of cybercrime and geopolitical sabotage. Here are eight essential facts about the operation.

1. TeamPCP: A New Player With Old Tactics

TeamPCP first appeared in December 2025, quickly making a name for itself through data theft and extortion. The group communicates with victims over Telegram, demanding payment after stealing credentials and sensitive files. Despite being relatively new, they have refined a playbook of exploiting common cloud misconfigurations rather than developing novel exploits. Their focus on automated, large-scale compromise sets them apart from traditional ransomware gangs.

Image source: krebsonsecurity.com

2. CanisterWorm: A Self-Propagating Cloud Threat

The centerpiece of the operation is CanisterWorm, a self-propagating worm that seeks out exposed cloud infrastructure. It targets poorly secured Docker APIs, Kubernetes clusters, Redis servers, and the React2Shell vulnerability. Once inside, it moves laterally, harvesting authentication tokens and cloud credentials. This worm is named after the Internet Computer Protocol (ICP) canisters—blockchain-based smart contracts that the group uses to orchestrate attacks in a tamperproof manner.

3. Iran-Specific Wiping Logic

What makes CanisterWorm unique is its conditional wiper component. After compromising a system, it checks the time zone and default language. Only if the settings match Iran (UTC+3:30) or Farsi does it activate the destructive payload. This precision ensures that collateral damage is minimized, but it also signals a clear geopolitical target. The wiper then proceeds to delete files and render machines unusable.

4. Exploitation of Misconfigured Cloud Services

TeamPCP's success relies on abusing misconfigurations rather than zero-day exploits. They scan for open Docker sockets, unsecured Kubernetes dashboards, and Redis instances without authentication. The React2Shell vulnerability also plays a role, allowing remote code execution. By weaponizing these common oversights, the group can infiltrate environments with minimal effort, then use stolen credentials to expand their foothold.
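The three misconfigurations named above are visible in plain configuration files, so a defender can audit for them before a scanner does. The following is an added example, not code from the article or from any of the firms it cites: a small Python audit that reads a constructed Docker `daemon.json` and a constructed `redis.conf`, flags an Engine API listening on TCP without client-certificate verification and a Redis instance reachable from the network without a password, and shows a hardened pair of the same files that produces no findings. All sample values are constructed placeholders.

```python
import json
from typing import Dict, List

# Constructed sample configurations (not taken from any real host or from the
# article): one exposed pair, and one hardened pair for comparison.
EXPOSED_DOCKER_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
    "tls": False,
})
HARDENED_DOCKER_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock"],
})

EXPOSED_REDIS_CONF = """\
bind 0.0.0.0
port 6379
protected-mode no
# requirepass left commented out: any client that reaches the port may issue commands
# requirepass change-me
"""
HARDENED_REDIS_CONF = """\
bind 127.0.0.1 -::1
port 6379
protected-mode yes
requirepass a-long-random-secret-placeholder
rename-command CONFIG ""
"""


def audit_docker_daemon(daemon_json: str) -> List[str]:
    """Flag daemon.json settings that expose the Engine API over the network."""
    cfg = json.loads(daemon_json)
    findings = []
    for host in cfg.get("hosts", []):
        if not host.startswith("tcp://"):
            continue  # unix sockets are guarded by file permissions, not reachability
        addr = host[len("tcp://"):]
        if not cfg.get("tlsverify", False):
            # Without client-certificate verification, anyone who reaches the
            # port can create privileged containers on the host.
            findings.append(f"docker: TCP listener {addr} without tlsverify")
        if addr.startswith(("0.0.0.0", "[::]", ":")):
            findings.append(f"docker: API bound to all interfaces ({addr})")
    return findings


def parse_redis_conf(text: str) -> Dict[str, str]:
    """Parse redis.conf into {directive: value}, ignoring comments and blank lines."""
    directives = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        directives[key.lower()] = value.strip()
    return directives


def audit_redis(conf_text: str) -> List[str]:
    """Flag redis.conf settings that allow unauthenticated network access."""
    d = parse_redis_conf(conf_text)
    findings = []
    # Redis listens on every interface when no bind directive is present.
    bind_addrs = d.get("bind", "").split()
    public = not bind_addrs or any(
        a.lstrip("-") in ("0.0.0.0", "*", "::", "::*") for a in bind_addrs
    )
    if public:
        findings.append("redis: listening on all interfaces")
    if "requirepass" not in d:
        findings.append("redis: no requirepass configured")
    if d.get("protected-mode", "yes").lower() == "no":
        findings.append("redis: protected-mode disabled")
    if len(findings) == 3:
        # All three together is the open Redis that mass scanners look for.
        findings.append("redis: reachable without authentication from the network")
    return findings


if __name__ == "__main__":
    for label, fn, cfg in [
        ("exposed docker", audit_docker_daemon, EXPOSED_DOCKER_DAEMON_JSON),
        ("hardened docker", audit_docker_daemon, HARDENED_DOCKER_DAEMON_JSON),
        ("exposed redis", audit_redis, EXPOSED_REDIS_CONF),
        ("hardened redis", audit_redis, HARDENED_REDIS_CONF),
    ]:
        print(label, fn(cfg) or "no findings")
```

The audit is deliberately static: it reads files rather than probing ports, so it can run from a configuration-management pipeline before a host is reachable from the internet. Kubernetes dashboards are not covered here because their exposure depends on Service and Ingress objects rather than a single file.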

5. Cloud-First Targeting: Azure and AWS Dominance

According to security firm Flare, TeamPCP focuses almost exclusively on cloud infrastructure rather than endpoints. Their compromised servers are heavily skewed toward Microsoft Azure (61%) and Amazon Web Services (36%), accounting for 97% of their victims. The group bypasses traditional security controls by attacking control planes—the management layers of cloud environments—where misconfigurations are more common.


6. Industrialized Attack Automation

Flare's research describes TeamPCP's approach as an industrialized exploitation platform. They systematically combine known vulnerabilities, leaked tools, and automated scanning to turn exposed cloud resources into a criminal ecosystem. As Flare's Assaf Morag noted, the group's strength lies not in innovation but in the scale and integration of existing techniques. This enables them to compromise hundreds of servers quickly.

7. Supply Chain Poisoning of Trivy Scanner

On March 19, 2025, TeamPCP executed a supply chain attack on the popular vulnerability scanner Trivy by Aqua Security. They injected credential-stealing malware into official releases through compromised GitHub Actions. The malicious versions captured SSH keys, cloud tokens, Kubernetes secrets, and cryptocurrency wallets from users. Although Aqua Security removed the harmful files, the incident demonstrated the group's ability to infiltrate trusted software supply chains.
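Two controls a consumer of a tool like this can apply on their own side are pinning every GitHub Action to a full commit SHA, so that a compromised tag or branch cannot silently swap in new code, and verifying each downloaded release against a digest obtained from the publisher's signed release metadata rather than from the same download. The block below is an added example written for this article, not Trivy's or Aqua Security's code; the workflow excerpt, the SHA-shaped value and the artifact bytes are all constructed placeholders.

```python
import hashlib
import hmac
import re
from typing import Dict, List

# Constructed workflow excerpt (not Trivy's or any real project's workflow).
# The 40-hex value is a placeholder shaped like a commit SHA, not a real commit.
SAMPLE_WORKFLOW = """\
name: release
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/setup-tool@main
      - uses: example-org/build-action@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local-step
      - run: make release
"""

USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def find_unpinned_actions(workflow_text: str) -> List[str]:
    """Return every third-party 'uses:' reference not pinned to a full commit SHA.

    Tags and branches are mutable: whoever controls the action's repository can
    move them to a commit that reads the runner's secrets.
    """
    unpinned = []
    for line in workflow_text.splitlines():
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith(("./", "docker://")):
            continue  # local action or container image: no Git ref to pin
        _, _, version = ref.partition("@")
        if not FULL_SHA_RE.match(version):
            unpinned.append(ref)
    return unpinned


# Constructed release artifact. The checksum list is generated here only so the
# example runs offline; in practice it must come from the publisher's signed
# release metadata, fetched separately from the artifact itself.
SAMPLE_ARTIFACT = b"constructed release tarball bytes\n"
SAMPLE_CHECKSUMS = (
    hashlib.sha256(SAMPLE_ARTIFACT).hexdigest() + "  tool_1.0.0_linux_amd64.tar.gz\n"
)


def parse_checksums(text: str) -> Dict[str, str]:
    """Parse sha256sum-style 'digest  filename' lines into {filename: digest}."""
    sums = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2:
            digest, name = parts
            sums[name.lstrip("*")] = digest.lower()
    return sums


def verify_artifact(name: str, data: bytes, checksums_text: str) -> bool:
    """True only if the artifact's SHA-256 matches the published digest for its name."""
    expected = parse_checksums(checksums_text).get(name)
    if expected is None:
        return False  # unknown file: refuse rather than assume
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    print("unpinned:", find_unpinned_actions(SAMPLE_WORKFLOW))
    print("artifact ok:", verify_artifact(
        "tool_1.0.0_linux_amd64.tar.gz", SAMPLE_ARTIFACT, SAMPLE_CHECKSUMS))
```

The checksum check only helps if the digest list is trusted independently of the download: an attacker who can replace release files can usually replace an unsigned checksum file next to them, so the list should be validated against the publisher's signature (or pulled from a separately authenticated source) before it is used.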

8. Cluster-Wide Data Destruction

Security researcher Charlie Eriksen from Aiko.io disclosed that the same infrastructure used in the Trivy attack deployed the wiper payload over the weekend. If the victim's machine is determined to be in Iran and has access to a Kubernetes cluster, the wiper destroys data on every node in that cluster. If no cluster is present, it wipes the local machine instead. This capability makes the attack devastating for organizations reliant on containerized environments.
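The jump from one wiped machine to every node in a cluster depends on the compromised workload holding credentials that can write cluster-wide. A routine least-privilege review is therefore a direct mitigation. As an added example (not code from the article or from the researchers it cites), the block below reads a constructed ClusterRoleBinding list in the shape of `kubectl get clusterrolebindings -o json` and lists every service account that has been granted a cluster-wide write role; the binding names and namespaces are placeholders.

```python
import json
from typing import List

# Constructed ClusterRoleBinding list in the shape of
# `kubectl get clusterrolebindings -o json` (not from any real cluster).
SAMPLE_BINDINGS = json.dumps({
    "items": [
        {
            "metadata": {"name": "ci-runner-admin"},
            "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
            "subjects": [
                {"kind": "ServiceAccount", "name": "ci-runner", "namespace": "ci"}
            ],
        },
        {
            "metadata": {"name": "dashboard-view"},
            "roleRef": {"kind": "ClusterRole", "name": "view"},
            "subjects": [
                {"kind": "ServiceAccount", "name": "dashboard", "namespace": "monitoring"}
            ],
        },
        {
            "metadata": {"name": "cluster-admin"},
            "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
            "subjects": [{"kind": "Group", "name": "system:masters"}],
        },
    ]
})

# Built-in roles whose holder can delete workloads and data in every namespace
# when granted through a ClusterRoleBinding. A token stolen from a pod running
# under such a service account turns one compromised node into the whole cluster.
CLUSTER_WIDE_WRITE_ROLES = {"cluster-admin", "admin", "edit"}


def service_accounts_with_cluster_wide_write(bindings_json: str) -> List[str]:
    """Return 'namespace/serviceaccount via binding' for every risky grant."""
    items = json.loads(bindings_json).get("items", [])
    risky = []
    for binding in items:
        role = binding.get("roleRef", {})
        if role.get("kind") != "ClusterRole":
            continue
        if role.get("name") not in CLUSTER_WIDE_WRITE_ROLES:
            continue
        for subject in binding.get("subjects") or []:
            # Groups such as system:masters are for human operators; the
            # automated-lateral-movement risk lies in service account tokens
            # mounted into pods.
            if subject.get("kind") != "ServiceAccount":
                continue
            namespace = subject.get("namespace", "default")
            risky.append(
                f"{namespace}/{subject['name']} via {binding['metadata']['name']}"
            )
    return risky


if __name__ == "__main__":
    for entry in service_accounts_with_cluster_wide_write(SAMPLE_BINDINGS):
        print("cluster-wide write granted to service account:", entry)
```

Each entry the function reports is a candidate for replacement with a namespaced Role limited to the verbs the workload actually needs, and for `automountServiceAccountToken: false` on pods that never call the API at all.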

The CanisterWorm campaign blurs the line between cybercrime and state-targeted sabotage. By leveraging automated cloud exploitation and a conditional wiper, TeamPCP has created a threat that is both financially motivated and politically charged. Organizations operating in or serving Iran should immediately review their cloud security postures and monitor for signs of TeamPCP's infrastructure. The use of blockchain-based canisters for command and control adds a layer of resilience that makes takedowns difficult. As this group continues to evolve, defenders must adapt to their industrial scale.