
CanisterWorm Wiper Targets Iran as TeamPCP Escalates Supply Chain Attacks

April 10, 2026 22:05 · 7 min read
A Financially Motivated Group Turns Its Worm Toward Iran

A financially motivated threat actor known as TeamPCP has injected itself into the ongoing conflict involving Iran by deploying a self-spreading worm with a destructive payload. The campaign, which materialized over the weekend of March 22–23, 2026, targets systems whose timezone corresponds to Iran or whose default language is set to Farsi — and proceeds to wipe data on those machines.

Security researcher Charlie Eriksen of Aikido first documented the wiper activity in a blog post published Sunday. He noted that if the wiper component confirms it is operating inside an Iranian environment and detects access to a Kubernetes cluster, it will destroy data across every node in that cluster. "If it doesn't, it will just wipe the local machine," Eriksen told KrebsOnSecurity.

Who Is TeamPCP?

TeamPCP is a relatively new cybercrime group that first surfaced in December 2025, when it began compromising corporate cloud environments with a self-propagating worm. Its initial targets were exposed Docker APIs, Kubernetes clusters, Redis servers, and systems exposed to React2Shell. After gaining a foothold, the actors moved laterally through victim networks, harvested authentication credentials, and extorted victims over Telegram.

In January 2026, the security firm Flare published a detailed profile of TeamPCP. Analyst Assaf Morag wrote:

"TeamPCP's strength does not come from novel exploits or original malware, but from the large-scale automation and integration of well-known attack techniques. The group industrializes existing vulnerabilities, misconfigurations, and recycled tooling into a cloud-native exploitation platform that turns exposed infrastructure into a self-propagating criminal ecosystem."

Flare's research found that the group overwhelmingly targets cloud infrastructure rather than end-user devices. Azure accounted for 61% of compromised servers and AWS accounted for 36%, with the two platforms together representing 97% of the group's known victims.

The Trivy Supply Chain Attack

On March 19, TeamPCP executed a supply chain attack against Trivy, a widely used vulnerability scanner developed by Aqua Security. The attackers injected credential-stealing malware into official releases published through the project's GitHub Actions pipeline. Aqua Security has since removed the malicious files, but not before the attackers published versions capable of exfiltrating SSH keys, cloud credentials, Kubernetes tokens, and cryptocurrency wallets from users, according to the security firm Wiz.

Eriksen said the same technical infrastructure TeamPCP used in the Trivy attack was later repurposed to deploy the new wiper payload over the weekend. It appears the group leveraged access obtained during the first Aqua Security compromise to carry out this follow-on operation.

What Is CanisterWorm?

Aikido has branded TeamPCP's infrastructure "CanisterWorm" because the group orchestrates its campaigns through an Internet Computer Protocol (ICP) canister, a tamperproof, blockchain-based smart contract that bundles both code and data. ICP canisters can serve web content directly to visitors, and their distributed architecture makes them resistant to takedown attempts. Crucially, a canister remains reachable for as long as its operators keep it funded: ICP meters canister compute and storage in "cycles," so the malicious canister stays online as long as TeamPCP keeps paying for it.

Eriksen described the worm's behavior as erratic and rapidly evolving. "They've been taking [the malicious code] up and down, rapidly changing it, adding new features," he said, adding that when the malicious canister was not serving malware downloads, it redirected visitors to a Rick Roll video on YouTube. "It's a little all over the place, and there's a chance this whole Iran thing is just their way of getting attention. I feel like these people are really playing this Chaotic Evil role here," Eriksen observed.

Bragging Rights and a Stash of Stolen Credentials

Members of TeamPCP have been boasting about their exploits in a Telegram group, claiming to have used the worm to steal large volumes of sensitive data from major companies, including a large multinational pharmaceutical firm. When the group compromised Aqua Security a second time, it also seized numerous GitHub accounts and used them to spam junk messages across the platform.

"It was almost like they were just showing off how much access they had. Clearly, they have an entire stash of these credentials, and what we've seen so far is probably a small sample of what they have," Eriksen said.

Security researchers believe the spam commits to GitHub repositories may serve a secondary purpose: keeping malware-tainted code packages prominent in GitHub's search results. Risky Business reporter Catalin Cimpanu, in a newsletter published the same day titled "GitHub is Starting to Have a Real Malware Problem," noted that attackers frequently push meaningless commits to repositories or purchase GitHub stars and "likes" from online services to keep malicious packages at the top of search rankings.

A Pattern of Supply Chain Abuse

The weekend's incident is the second major supply chain attack involving Trivy in the span of roughly a month. In late February, Trivy was targeted as part of an automated campaign called HackerBot-Claw, which mass-exploited misconfigured workflows in GitHub Actions to steal authentication tokens.

Cimpanu noted that supply chain attacks have risen sharply in frequency as threat actors recognize just how efficient they can be, and his post catalogued a troubling number of such incidents dating back to 2024. "While security firms appear to be doing a good job spotting this, we're also gonna need GitHub's security team to step up," Cimpanu wrote. "Unfortunately, on a platform designed to copy (fork) a project and create new versions of it (clones), spotting malicious additions to clones of legitimate repos might be quite the engineering problem to fix."

Second Scanner Compromised: KICS by Checkmarx

In an update published at 2:40 p.m. ET on March 23, Wiz reported that TeamPCP had also pushed credential-stealing malware to KICS, an infrastructure-as-code scanner developed by Checkmarx. According to Wiz, the scanner's GitHub Action was compromised between 12:58 and 16:50 UTC on March 23, adding a second major security tooling vendor to the list of victims in this rapidly evolving campaign.
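Both the Trivy and KICS incidents share a mechanic: a GitHub Action referenced by a mutable tag or branch (for example `@master` or `@v2`) resolves to whatever commit the attacker has pointed that ref at during the compromise window. A workflow that pins each third-party action to a full 40-character commit SHA keeps fetching the same code regardless of what happens to the tag. The script below is an added example written for this article, not tooling from Krebs, Aikido, Wiz, Aqua Security or Checkmarx; it scans workflow text for `uses:` references that are not pinned to a commit SHA. The sample workflow and the action names in it are constructed for illustration.

```python
"""Flag GitHub Actions references that are resolved by a mutable ref.

Added example for this article; not code from any of the vendors or
researchers it cites. The sample workflow below is constructed.
"""
import re
import sys
from pathlib import Path
from typing import List, Tuple

# Constructed sample workflow: action names are illustrative, not a claim
# about any real repository's current configuration.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Trivy
        uses: aquasecurity/trivy-action@master
      - name: Run KICS
        uses: "checkmarx/kics-github-action@v2.1.3"
      - name: Pinned to a commit SHA (safe against tag rewrites)
        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
      - run: echo local
      - uses: ./.github/actions/local-action
      - uses: docker://alpine:3.19
"""

# Matches `uses:` whether it starts a step (`- uses:`) or follows `- name:`.
USES_RE = re.compile(r'^\s*-?\s*uses:\s*([^\s#]+)', re.MULTILINE)
# GitHub commit SHAs are 40 lowercase hex characters.
SHA_RE = re.compile(r'^[0-9a-f]{40}$')


def unpinned_actions(workflow_text: str) -> List[Tuple[str, str]]:
    """Return (action, ref) pairs for every `uses:` that is resolved through a
    branch or tag instead of a full commit SHA.

    Local actions (`./...`) and `docker://` images are skipped: they are not
    fetched from a third-party GitHub repository by ref, so tag rewriting on
    GitHub does not affect them (a mutable container tag is a separate problem).
    """
    findings: List[Tuple[str, str]] = []
    for match in USES_RE.finditer(workflow_text):
        ref_spec = match.group(1).strip('"\'')
        if ref_spec.startswith('./') or ref_spec.startswith('docker://'):
            continue
        if '@' not in ref_spec:
            # GitHub rejects repository actions without a ref; flag it anyway
            # so a malformed line is not silently treated as pinned.
            findings.append((ref_spec, ''))
            continue
        action, ref = ref_spec.rsplit('@', 1)
        if not SHA_RE.match(ref):
            findings.append((action, ref))
    return findings


def scan_workflow_dir(path: str) -> List[Tuple[str, str, str]]:
    """Scan every *.yml / *.yaml under `path` (e.g. .github/workflows)."""
    results = []
    for file in sorted(Path(path).glob('*.y*ml')):
        for action, ref in unpinned_actions(file.read_text(encoding='utf-8')):
            results.append((str(file), action, ref))
    return results


if __name__ == '__main__':
    if len(sys.argv) > 1:
        hits = scan_workflow_dir(sys.argv[1])
        for file, action, ref in hits:
            print(f'{file}: {action}@{ref or "<no ref>"} is not pinned to a SHA')
    else:
        for action, ref in unpinned_actions(SAMPLE_WORKFLOW):
            print(f'{action}@{ref} is not pinned to a SHA')
```

Run it with the path to a repository's `.github/workflows` directory, or with no arguments to scan the embedded sample. Pinning to a SHA defends against the tag-rewrite scenario these incidents describe; it does not protect a team that later bumps the pin to a version that was itself published by the attacker, so the SHA you pin should be one you have reviewed, and the pin update should go through the same review as any other dependency change.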

Source: Krebs on Security
