‘CanisterWorm’ Springs Wiper Attack Targets Iran – Krebs on Security

A financially motivated data theft group is trying to insert itself into the war in Iran, releasing a worm that spreads through poorly secured cloud services and wipes data from infected systems that use Iran’s time zone or set Farsi as the default language.
Experts say the wiper campaign against Iran took place this past weekend and comes from a new cyber crime group known as TeamPCP. In December 2025, the group began compromising corporate cloud environments using a self-propagating worm that went after exposed Docker APIs, Kubernetes clusters, Redis servers, and React2Shell vulnerabilities. TeamPCP then tried to move laterally through victims’ networks, stealing credentials and extorting the victims via Telegram.
Image caption: The malicious CanisterWorm searches for and destroys data on systems that use Iran’s time zone or have Farsi set as the default language. Photo: Aikido.dev.
In a profile of TeamPCP published in January, the security company Flare said the group is weaponizing exposed control planes rather than exploiting endpoints, targeting cloud infrastructure rather than end-user devices, with Azure (61%) and AWS (36%) accounting for 97% of vulnerable servers.
“TeamPCP’s strength comes not from novel exploits or malware, but from large-scale automation and integration of known attack techniques,” wrote Flare’s Assaf Morag. “The group is industrializing existing vulnerabilities and recycled tools into an organic exploitation platform that turns exposed infrastructure into a self-propagating criminal system.”
On March 19, TeamPCP conducted a supply chain attack against Trivy, a vulnerability scanner from Aqua Security, inserting information-stealing malware into official releases on GitHub. Aqua Security said it has removed the malicious files, but security firm Wiz notes that the attackers were able to publish malicious versions that captured users’ SSH keys, cloud credentials, Kubernetes tokens and cryptocurrency wallets.
Over the weekend, the same TeamPCP infrastructure used in the Trivy attack was used to release a new malicious payload that performs a wiper attack if the system’s time zone and user settings are determined to be aligned with Iran, said Charlie Eriksen, a security researcher at Aikido. In a blog post published on Sunday, Eriksen said that if the wiper component detects that the victim is in Iran and has access to a Kubernetes cluster, it will destroy data on all nodes in that cluster.
“If it doesn’t do that it will just wipe the local machine,” Eriksen told KrebsOnSecurity.
Photo: Aikido.dev.
Aikido calls the TeamPCP infrastructure “The CanisterWorm” because the group organizes its campaigns using Internet Computer Protocol (ICP) canisters — blockchain-based “smart contracts” that bundle both code and data. ICP canisters can serve web content to visitors, and their distributed nature makes them resistant to takedown attempts. The canisters remain accessible as long as their operators continue to pay for them in cryptocurrency.
Eriksen said the people behind TeamPCP bragged about their work on the Telegram group and said they used the worm to steal sensitive information from large companies, including a large multinational pharmaceutical company.
“When they compromised Aqua the second time, they took over multiple GitHub accounts and started spamming them,” Eriksen said. “It was like they were just showing how far they can go. Obviously, they have a lot of these traits, and what we’ve seen so far is just a small sample of what they have.”
Security experts say the GitHub spam could be TeamPCP’s way of ensuring that any malware-tainted code packages remain prominent in GitHub searches. In a newsletter published today titled “GitHub Begins to Have a Real Malware Problem,” Risky Business reporter Catalin Cimpanu writes that attackers are often seen pushing trivial commits to their own repositories, or using online services that sell GitHub stars and “likes,” to keep malicious packages at the top of GitHub’s search results.
This weekend’s outbreak is the second major supply chain attack involving Trivy in as many months. In late February, Trivy was hit as part of an automated threat called HackerBot-Claw, which exploited poorly configured workflows in GitHub Actions to steal authentication tokens.
Eriksen said it appears that TeamPCP used the access gained in the first Aqua Security attack to carry out this weekend’s mischief. But he said there was no reliable way to tell whether TeamPCP’s wiper actually succeeded in wiping any data on victims’ systems, and that the malicious payload was only active for a short time over the weekend.
“They have been taking [the malicious code] up and down for a long time; it changes rapidly and adds new features,” Eriksen said, noting that when the malicious canister was inactive, the malware download pointed visitors to a Rick Roll video on YouTube.
“The whole area is small, and there’s a chance that this whole Iran thing is their way of getting attention,” Eriksen said. “I feel like these people are playing the role of Chaotic Evil here.”
Cimpanu noted that supply chain attacks have increased in frequency of late as threat actors begin to understand how effective they can be, and his post documents an alarming number of these incidents since 2024.
“While security firms seem to be doing a good job of realizing this, we will also need GitHub’s security team to step up,” Cimpanu wrote. “Unfortunately, in a platform designed to copy (fork) a project and create new versions of it (clones), seeing malicious additions to clones of official sites can be an engineering problem to fix.”
Update, 2:40 pm ET: Wiz reports that TeamPCP has also pushed information-stealing malware into the KICS vulnerability scanner from Checkmarx, and that the scanner’s GitHub Action was compromised between 12:58 and 16:50 UTC today (March 23).
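Both the February GitHub Actions incident and today’s KICS update describe scanner Actions whose repositories were compromised. A workflow that references such an Action by a mutable tag (`@master`, `@v2`) will pull the attacker’s code on its next run, while one pinned to a full commit SHA will not. The following audit script is an added example, not code from Krebs, Aikido or Wiz; the workflow it scans is a constructed sample, and the Action names in it are assumed for illustration.

```python
import re
from typing import Dict, List

# Constructed sample workflow (not from the article): one step pinned to a
# full commit SHA, three referenced by mutable tags or branch names.
SAMPLE_WORKFLOW = """
name: scan
on: [pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
      - uses: aquasecurity/trivy-action@master   # branch name: mutable
      - uses: checkmarx/kics-github-action@v2     # major tag: mutable
      - uses: actions/setup-go@v5.0.0             # tags can be moved too
"""

# Matches 'uses: owner/repo@ref' (step or reusable-workflow form).
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^@\s]+)@(\S+)", re.MULTILINE)
# A full 40-hex-character commit SHA is the only immutable reference.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_workflow(text: str) -> List[Dict[str, str]]:
    """Return every Action reference that is not pinned to a commit SHA."""
    findings: List[Dict[str, str]] = []
    for match in USES_RE.finditer(text):
        action, ref = match.group(1), match.group(2)
        # Local and docker:// references are out of scope for this check.
        if action.startswith("./") or action.startswith("docker://"):
            continue
        if SHA_RE.match(ref):
            continue
        findings.append({
            "action": action,
            "ref": ref,
            "reason": "mutable ref; pin to a full commit SHA and review updates",
        })
    return findings


if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE_WORKFLOW):
        print(f"{finding['action']}@{finding['ref']}: {finding['reason']}")
```

Run it against the `.github/workflows/*.yml` files in a repository to list every Action that a compromise of its upstream repository could swap out underneath you.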