A cybercrime group tracked as TeamPCP has been targeting cloud environments since late 2025 with a self-propagating worm named CanisterWorm. The malware scans for misconfigured Docker APIs, Kubernetes clusters and Redis servers, as well as systems vulnerable to the React2Shell flaw, then uses the foothold to steal credentials and extort the victim organization over Telegram. Businesses running workloads on Azure and AWS have been hit hardest.
What makes the threat notable is the degree of automation TeamPCP has built in. Research from security firm Flare indicates that roughly 61% of compromised servers are hosted on Azure and another 36% on AWS, a combined 97% of affected infrastructure. TeamPCP relies on no novel exploit techniques; it weaponizes known vulnerabilities and common cloud misconfigurations, turning exposed control planes into a self-spreading criminal operation.
CanisterWorm’s Escalation and Geographic Targeting
KrebsOnSecurity reported that the same infrastructure used for the data-theft campaigns was later used to launch a targeted wiper attack against systems associated with Iran, a significant escalation in TeamPCP's modus operandi.
On March 19, 2026, TeamPCP carried out a supply chain attack on Trivy, the popular vulnerability scanner developed by Aqua Security, injecting credential-stealing malware into official GitHub Actions releases. The malicious code harvested SSH keys, cloud credentials, Kubernetes tokens and cryptocurrency wallets from users whose pipelines pulled the tampered releases. The compromised files were subsequently removed, but by then considerable damage had been done.
Over the weekend of March 22 to 23, 2026, the group deployed a new, destructive payload. The wiper keys on system configuration: it triggers if the victim system uses Iran's standard timezone or has Farsi set as its default language.
Charlie Eriksen, a security researcher at Aikido, explained that the malware exhibits distinct behaviors based on these detected conditions. If the wiper identifies a Kubernetes cluster on a system configured with Iranian system settings, it will proceed to destroy data across all nodes within that cluster. In cases where no Kubernetes cluster is detected, the malware defaults to wiping the local machine.
This geographically targeted destruction is a notable shift in threat actor strategy: a financially motivated group adding geo-specific logic to pursue politically charged objectives alongside its financial goals. Eriksen also noted that TeamPCP has been openly boasting on Telegram about gaining access to sensitive records from a large multinational pharmaceutical company.
[Image: excerpt of the CanisterWorm code that checks for Iran's timezone or a Farsi default language]
Blockchain-Backed Command Infrastructure
The most striking technical feature of CanisterWorm is its use of Internet Computer Protocol (ICP) canisters for its attack infrastructure. A canister is a smart contract on the Internet Computer blockchain that bundles code and state into a single unit, and canisters can serve web content directly to browsers. Because they run on a distributed blockchain network, they are highly resilient to takedown efforts.
As long as the operators keep paying the fees that keep a canister running (on ICP these are cycles, bought with the network's token), the canister stays online and reachable. [Image: Aikido's infrastructure overview of CanisterWorm's ICP canister deployment]
This blockchain-backed approach makes conventional takedowns largely ineffective. Law enforcement and hosting providers usually disrupt malware by seizing servers; a command structure anchored to a blockchain has no server to seize, and the canister goes dark only when its operators stop funding it.
TeamPCP has also shown agility in modifying its payloads: adding new functionality, temporarily withdrawing the malware from active deployment, and even pointing the canister at an unrelated YouTube video between attack operations. This continuous churn suggests the group is testing and refining its tools in real time, which makes detection and containment harder for defenders.
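Because the canisters are reached through ordinary HTTPS to the Internet Computer's boundary nodes, egress logs are the practical place to look for this command channel. The script below is an added example, not code from the article or from Aikido: it scans constructed DNS/proxy log lines for hostnames under the boundary-node domains (icp0.io, ic0.app, icp-api.io, listed as an assumption) and validates that the first label is a real canister ID by checking the principal checksum from the IC interface specification (lowercase base32 of CRC32 || raw bytes, dash-separated 5-character groups, canister IDs ending in "-cai"). The checksum step separates canister traffic from lookalike labels and typos. SAMPLE_LOG and DEMO_CANISTER are constructed for the demo.

```python
"""Flag egress to Internet Computer boundary-node domains in DNS/proxy logs.

Added example; not code from the article or from Aikido. Assumptions: the
boundary-node domains in ICP_SUFFIXES and the principal text format from the
IC interface specification (base32 of CRC32_be(raw) || raw, lowercase, no
padding, 5-char dash-separated groups; canister IDs end in "-cai").
SAMPLE_LOG is constructed for the demo.
"""
import base64
import binascii
import re
import zlib

ICP_SUFFIXES = ("icp0.io", "ic0.app", "icp-api.io")  # assumption: boundary-node domains
HOST_RE = re.compile(r"(?<![\w.-])((?:[a-z0-9-]+\.)+[a-z]{2,})(?![\w.-])", re.I)


def encode_principal(raw: bytes) -> str:
    """Textual principal: base32(CRC32_be(raw) || raw), lowercase, unpadded, 5-char groups."""
    data = zlib.crc32(raw).to_bytes(4, "big") + raw
    text = base64.b32encode(data).decode().lower().rstrip("=")
    return "-".join(text[i:i + 5] for i in range(0, len(text), 5))


def decode_principal(text: str):
    """Return the raw principal bytes if the CRC32 prefix verifies, else None."""
    compact = text.replace("-", "").upper()
    try:
        data = base64.b32decode(compact + "=" * ((-len(compact)) % 8))
    except (binascii.Error, ValueError):
        return None
    crc, raw = data[:4], data[4:]
    if len(data) < 4 or zlib.crc32(raw).to_bytes(4, "big") != crc:
        return None
    return raw


def canister_id(hostname: str):
    """Validated canister ID taken from the hostname's first label, or None."""
    label = hostname.lower().split(".")[0]
    if not label.endswith("-cai") or decode_principal(label) is None:
        return None
    return label


def find_icp_hosts(lines):
    """(hostname, canister_id_or_None) for every boundary-node hostname seen in the lines."""
    hits = []
    for line in lines:
        for host in HOST_RE.findall(line):
            host = host.lower()
            if any(host == s or host.endswith("." + s) for s in ICP_SUFFIXES):
                hits.append((host, canister_id(host)))
    return hits


# Constructed sample: a canister ID built from made-up raw bytes, a lookalike
# label whose checksum does not verify, and ordinary traffic that must not be flagged.
DEMO_CANISTER = encode_principal(bytes.fromhex("00000000000000020101"))
SAMPLE_LOG = [
    f"2026-03-22T14:01:07Z 10.0.3.17 dns A {DEMO_CANISTER}.icp0.io",
    f"2026-03-22T14:01:09Z 10.0.3.17 CONNECT {DEMO_CANISTER}.raw.icp0.io:443",
    "2026-03-22T14:02:11Z 10.0.3.17 dns A aaaaa-aaaaa-aaaaa-aaaaa-cai.ic0.app",
    "2026-03-22T14:03:40Z 10.0.3.18 dns A registry-1.docker.io",
]

if __name__ == "__main__":
    for host, cid in find_icp_hosts(SAMPLE_LOG):
        print(f"{host:45s} canister={cid or 'label is not a valid canister ID'}")
```

A hit with a validated canister ID is not proof of malice on its own (legitimate dapps are served the same way), but a container host that has no business talking to the Internet Computer is exactly the locale- and egress-based anomaly defenders should be alerting on. The same `decode_principal` check can be applied to IDs pulled from a sample's strings before they are added to a blocklist.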
Organizations running Docker, Kubernetes or Redis in cloud environments should immediately audit their configurations for exposed APIs and unauthenticated access points. Security teams should rotate SSH keys, cloud credentials and Kubernetes tokens, particularly if Trivy or KICS was used in CI/CD pipelines between March 19 and 23, 2026. Continuous monitoring for lateral movement and for locale-based anomalies within containers is also recommended.
Owners of GitHub repositories should also review their Actions workflows for unauthorized modifications and enforce strict access controls on cloud control planes to close the gaps that groups like TeamPCP exploit. The continuing evolution of CanisterWorm and of TeamPCP's tactics calls for proactive, vigilant security practice across cloud infrastructure.
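The audit the previous paragraph calls for comes down to asking each exposed host the same questions the worm asks. The script below is an added example, not code from the article, Flare or Aikido: it probes a host for the three control planes CanisterWorm scans for, sends an unauthenticated Redis PING and unauthenticated GETs against the Docker Engine API, the Kubernetes API server and the kubelet, and classifies the replies. The default ports and the reply semantics (RESP `+PONG` versus `-NOAUTH`, HTTP 200 versus 401/403) are standard protocol behaviour; the target list is an assumption you should adapt to your own ranges. Only run it against infrastructure you own.

```python
"""Audit a host for the unauthenticated control planes CanisterWorm scans for.

Added example; not code from the article, Flare or Aikido. Assumptions: the
default ports in HTTP_TARGETS/REDIS_PORT and standard protocol replies
(RESP for Redis, HTTP status codes for Docker, kube-apiserver and kubelet).
Anything reported as OPEN is reachable without credentials.
"""
import http.client
import socket
import ssl

REDIS_PORT = 6379
HTTP_TARGETS = (  # (port, path, tls, label)
    (2375, "/version", False, "docker-api"),
    (2376, "/version", True, "docker-api-tls"),
    (8080, "/api", False, "kube-apiserver-insecure"),
    (6443, "/api", True, "kube-apiserver"),
    (10250, "/pods", True, "kubelet"),
)


def classify_redis(reply: bytes) -> str:
    """Interpret the RESP reply to a PING sent without AUTH."""
    if reply.startswith(b"+PONG"):
        return "OPEN"            # no requirepass/ACL: CONFIG SET + SAVE can drop cron or SSH keys
    if reply.startswith(b"-NOAUTH"):
        return "AUTH_REQUIRED"
    if reply.startswith(b"-DENIED"):
        return "PROTECTED_MODE"  # exposed without a password; Redis refuses remote clients
    return "UNKNOWN"


def classify_http(status: int) -> str:
    """Map the status of an unauthenticated GET to an exposure label."""
    if status == 200:
        return "OPEN"            # anonymous caller can read the API (Docker: full host control)
    if status == 401:
        return "AUTH_REQUIRED"
    if status == 403:
        return "FORBIDDEN"       # e.g. k8s anonymous auth enabled but RBAC denies; still review
    return f"HTTP_{status}"


def probe_redis(host: str, port: int = REDIS_PORT, timeout: float = 3.0) -> str:
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(b"*1\r\n$4\r\nPING\r\n")  # RESP array: PING
            return classify_redis(sock.recv(256))
    except OSError as exc:
        return f"ERROR ({exc.__class__.__name__})"


def probe_http(host: str, port: int, path: str, tls: bool, timeout: float = 3.0) -> str:
    conn = None
    try:
        if tls:
            ctx = ssl.create_default_context()
            ctx.check_hostname = False          # probing, not trusting the endpoint
            ctx.verify_mode = ssl.CERT_NONE
            conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
        else:
            conn = http.client.HTTPConnection(host, port, timeout=timeout)
        conn.request("GET", path)
        resp = conn.getresponse()
        resp.read()
        return classify_http(resp.status)
    except (OSError, http.client.HTTPException) as exc:
        return f"ERROR ({exc.__class__.__name__})"  # TLS client-cert refusal lands here too
    finally:
        if conn is not None:
            conn.close()


def audit(host: str) -> dict:
    """Probe every control plane on one host; keys are service labels, values exposure."""
    results = {f"redis:{REDIS_PORT}": probe_redis(host)}
    for port, path, tls, label in HTTP_TARGETS:
        results[f"{label}:{port}"] = probe_http(host, port, path, tls)
    return results


if __name__ == "__main__":
    import sys
    for target in sys.argv[1:]:
        for service, verdict in audit(target).items():
            print(f"{target:20s} {service:28s} {verdict}")
```

Run it from outside the VPC against your public addresses, since the worm sees exactly that view; a `FORBIDDEN` on the API server still means anonymous authentication is enabled and is worth turning off, and an `ERROR` on port 2376 usually means Docker is correctly demanding a client certificate.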
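Reviewing workflows for unauthorized changes is only half of the fix; the other half is making sure a compromised release cannot reach you silently. A `uses:` reference such as `@v1` or `@0.28.0` is a Git tag the action's maintainers, or whoever compromises their repository, can move, so a release-level compromise like the Trivy one propagates to every consumer on its next run, whereas a 40-hex commit SHA cannot be re-pointed. The script below is an added example, not code from the article, Aqua Security or GitHub: it lists every `uses:` reference in a workflow, classifies it as SHA-pinned, mutable, unpinned, local or a Docker image, and flags references to a watch list of publishers. The workflow text and the `deadbeef...` SHA are constructed placeholders.

```python
"""Find mutable action references in GitHub Actions workflow files.

Added example; not code from the article, Aqua Security or GitHub.
SAMPLE_WORKFLOW is constructed and the 40-hex SHA in it is a placeholder,
not a real commit. Matching is line-based on `uses:` keys, which covers
both job steps and reusable-workflow jobs.
"""
import re
from typing import Dict, Iterable, List

USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^\s"\'#]+)', re.MULTILINE)
SHA40_RE = re.compile(r"^[0-9a-f]{40}$")


def classify_ref(uses: str) -> str:
    """Classify one `uses:` value by how its target can change underneath you."""
    if uses.startswith("./"):
        return "LOCAL"          # same repo; governed by the repo's own review controls
    if uses.startswith("docker://"):
        return "DOCKER_IMAGE"   # pin with an @sha256: digest rather than an image tag
    _, _, ref = uses.partition("@")
    if not ref:
        return "UNPINNED"       # no ref at all
    if SHA40_RE.match(ref):
        return "PINNED_SHA"     # immutable commit
    return "MUTABLE_REF"        # tag or branch: movable by whoever controls the action repo


def audit_workflow(text: str, watch: Iterable[str] = ()) -> List[Dict[str, object]]:
    """One finding per `uses:` line: the reference, its class, and whether it hits the watch list."""
    findings = []
    for match in USES_RE.finditer(text):
        uses = match.group(1)
        action = uses.partition("@")[0].lower()
        findings.append({
            "uses": uses,
            "status": classify_ref(uses),
            "watched": any(action.startswith(w.lower()) for w in watch),
        })
    return findings


def needs_pinning(findings: List[Dict[str, object]]) -> List[str]:
    """References that should be replaced with a commit SHA (or image digest)."""
    return [f["uses"] for f in findings
            if f["status"] in ("MUTABLE_REF", "UNPINNED", "DOCKER_IMAGE")]


# Constructed workflow; deadbeef...deadbeef is a placeholder SHA, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@deadbeefdeadbeefdeadbeefdeadbeefdeadbeef  # immutable
      - uses: aquasecurity/trivy-action@0.28.0   # tag: can be moved by the publisher
      - uses: ./.github/actions/local-check
      - uses: docker://alpine:3.19
  deploy:
    uses: example-org/shared-workflows/.github/workflows/deploy.yml@main
"""

if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW, watch=("aquasecurity/",)):
        flag = "  <-- watch list" if f["watched"] else ""
        print(f"{f['status']:12s} {f['uses']}{flag}")
```

Pair the SHA pin with a comment naming the version it corresponds to so reviewers can still read the workflow, and treat any pull request that changes a pinned SHA as a change that needs a human to verify the target commit in the upstream repository.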