A financially motivated data theft and extortion group, identified as TeamPCP, has launched a sophisticated worm-based wiper attack, code-named "CanisterWorm," specifically targeting Iranian entities. This malicious campaign, which materialized over the past weekend, exploits poorly secured cloud services and targets systems configured with Iran’s time zone or Farsi as the default language, with the aim of wiping critical data. TeamPCP, a relatively new player in the cybercrime landscape, has demonstrated a pattern of aggressively compromising corporate cloud environments since December 2025. Their modus operandi involves exploiting exposed Docker APIs, Kubernetes clusters, and Redis servers, along with a specific vulnerability known as React2Shell. Once inside a victim’s network, TeamPCP focuses on lateral movement, siphoning authentication credentials and leveraging Telegram for extortion.

Security firm Flare, in a profile published in January, highlighted TeamPCP’s strategic approach, emphasizing their reliance on weaponizing exposed control planes rather than targeting individual endpoints. Their primary focus is cloud infrastructure, with Azure (61%) and AWS (36%) accounting for a staggering 97% of their compromised servers. Assaf Morag of Flare noted, "TeamPCP’s strength does not come from novel exploits or original malware, but from the large-scale automation and integration of well-known attack techniques. The group industrializes existing vulnerabilities, misconfigurations, and recycled tooling into a cloud-native exploitation platform that turns exposed infrastructure into a self-propagating criminal ecosystem."

The group’s aggressive tactics were further underscored on March 19th when they executed a significant supply chain attack against Trivy, a vulnerability scanner developed by Aqua Security. TeamPCP successfully injected credential-stealing malware into official Trivy releases hosted on GitHub Actions. While Aqua Security has since removed the malicious files, security firm Wiz confirmed that attackers managed to publish compromised versions capable of exfiltrating sensitive information, including SSH keys, cloud credentials, Kubernetes tokens, and cryptocurrency wallets.

This same technical infrastructure, previously used in the Trivy attack, was leveraged over the weekend to deploy the CanisterWorm payload. Charlie Eriksen, a security researcher at Aikido, detailed in a blog post published on Sunday how this new malicious payload executes a wiper attack if it detects that a victim’s system is configured with Iran’s time zone and locale. The worm’s destructive capabilities are particularly potent when it identifies access to a Kubernetes cluster. In such scenarios, it is designed to systematically destroy data on every node within that cluster. If a Kubernetes cluster is not detected, the wiper defaults to wiping the local machine.

Aikido refers to TeamPCP’s operational infrastructure as "CanisterWorm" due to the group’s utilization of an Internet Computer Protocol (ICP) canister. These canisters are tamperproof, blockchain-based "smart contracts" that encapsulate both code and data. Their distributed architecture makes them highly resistant to takedown efforts, and they can serve web content directly. As long as their operators continue to pay the virtual currency fees, these canisters remain accessible, providing a persistent command-and-control mechanism for TeamPCP’s operations.

‘CanisterWorm’ Springs Wiper Attack Targeting Iran

Evidence suggests that TeamPCP is actively bragging about their exploits within a Telegram group, claiming to have pilfered vast quantities of sensitive data from major corporations, including a significant multinational pharmaceutical firm. Eriksen elaborated on the group’s brazen behavior: "When they compromised Aqua a second time, they took a lot of GitHub accounts and started spamming these with junk messages. It was almost like they were just showing off how much access they had. Clearly, they have an entire stash of these credentials, and what we’ve seen so far is probably a small sample of what they have."

Security experts believe these spammed GitHub messages may be a deliberate tactic by TeamPCP to artificially boost the visibility of their tainted code packages in GitHub searches. Catalin Cimpanu, in a recent newsletter titled "GitHub is Starting to Have a Real Malware Problem," noted that attackers frequently engage in pushing meaningless commits to repositories or utilizing services that sell GitHub stars and "likes" to ensure their malicious packages remain at the top of search results.

This latest outbreak marks the second significant supply chain attack involving Trivy in as many months. At the end of February, Trivy was targeted as part of an automated threat known as HackerBot-Claw, which exploited misconfigured workflows in GitHub Actions to steal authentication tokens. Eriksen suggests that TeamPCP likely leveraged the access gained from the initial attack on Aqua Security to perpetrate the recent malicious activity. However, he cautioned that it remains difficult to definitively confirm whether the wiper attack successfully destroyed data on any victim systems, as the malicious payload was only active for a limited period over the weekend.

"They’ve been taking [the malicious code] up and down, rapidly changing it, adding new features," Eriksen stated, observing that when the malicious canister was not actively distributing malware, it was redirecting visitors to a Rick Astley "Rick Roll" video on YouTube. He speculated, "It’s a little all over the place, and there’s a chance this whole Iran thing is just their way of getting attention. I feel like these people are really playing this Chaotic Evil role here."

Cimpanu further observed that supply chain attacks are on the rise, with threat actors recognizing their efficiency. His reporting documents an alarming increase in such incidents since 2024. "While security firms appear to be doing a good job spotting this, we’re also gonna need GitHub’s security team to step up," Cimpanu wrote. "Unfortunately, on a platform designed to copy (fork) a project and create new versions of it (clones), spotting malicious additions to clones of legitimate repos might be quite the engineering problem to fix."

Adding to the severity of the situation, Wiz reported on March 23rd that TeamPCP had also compromised the KICS vulnerability scanner from Checkmarx, pushing credential-stealing malware to its GitHub Action between 12:58 and 16:50 UTC on that day. This expansion of TeamPCP’s targeting indicates a widening and persistent threat to software supply chains. The group’s multifaceted approach, combining data theft, extortion, and destructive wiper attacks, coupled with their innovative use of blockchain technology for command and control, positions them as a formidable and evolving threat in the cybercriminal landscape. The implications for organizations operating within or connected to Iran, as well as the broader implications for software supply chain security, are significant and demand urgent attention from both cybersecurity professionals and platform providers like GitHub.
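The Trivy and KICS incidents described above both reached downstream pipelines through GitHub Action releases that consumers referenced by mutable tag. The following audit script is an added example, not code from the article or from Aqua, Checkmarx or Wiz: it scans a workflow file for `uses:` references that are not pinned to a full 40-character commit SHA and flags the two actions involved in these incidents. The repository slugs `aquasecurity/trivy-action` and `checkmarx/kics-github-action` and the sample workflow are assumptions constructed for the example.

```python
"""Flag GitHub Actions workflow steps that reference an action by a mutable
tag or branch instead of an immutable commit SHA. A tag such as v2.1.3 can be
moved by whoever controls the action repository, which is how a compromised
release reaches every pipeline that trusts the tag."""
import re
from dataclasses import dataclass

# Actions named in the incidents discussed above. The exact repository slugs
# are an assumption for this example; the article does not quote them.
WATCHED_ACTIONS = {"aquasecurity/trivy-action", "checkmarx/kics-github-action"}

# Matches "uses: owner/repo[/path]@ref" with or without a leading list dash.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^@'\"\s]+)@([^'\"\s#]+)")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


@dataclass
class Finding:
    line: int
    action: str
    ref: str
    reason: str


def audit_workflow(text: str) -> list[Finding]:
    """Return one Finding per step whose action reference is not a commit SHA."""
    findings: list[Finding] = []
    for number, line in enumerate(text.splitlines(), 1):
        match = USES_RE.match(line)
        if not match:
            continue  # local "./" actions carry no @ref and are skipped
        action, ref = match.group(1), match.group(2)
        if SHA_RE.match(ref):
            continue  # pinned to an immutable commit; retagging cannot redirect it
        repo = "/".join(action.split("/")[:2])
        reason = "mutable ref"
        if repo in WATCHED_ACTIONS:
            reason = "mutable ref on action with a known supply chain compromise"
        findings.append(Finding(number, action, ref, reason))
    return findings


# Constructed sample workflow: one SHA-pinned step, two tag-pinned scanner steps.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: aquasecurity/trivy-action@0.28.0
      - name: kics
        uses: checkmarx/kics-github-action@v2.1.3
      - uses: ./.github/actions/local
"""

if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {f.line}: {f.action}@{f.ref} ({f.reason})")
```

Pinning to a SHA does not help if the pinned commit itself is malicious, so the finding list is best reviewed alongside the publisher's advisory for the affected version window.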