A sophisticated and financially motivated cybercriminal syndicate known as TeamPCP has significantly escalated its operations by introducing a destructive "wiper" component into its global campaign, specifically targeting systems within the Iranian jurisdiction. This development marks a pivot from the group’s traditional focus on data extortion and credential theft toward geopolitically flavored disruption. The group, which first emerged as a major threat in late 2025, has leveraged poorly secured cloud services and high-profile supply chain vulnerabilities to distribute a self-propagating worm that selectively destroys data based on a system’s geographic and linguistic configuration.
According to cybersecurity researchers at Aikido and Wiz, the wiper campaign materialized over the weekend of March 21-22, 2026. The malicious payload, dubbed "CanisterWorm," contains logic designed to detect if an infected host is set to Iran’s time zone or has Farsi configured as its default language. Upon confirmation of these parameters, the malware initiates a destructive sequence: if the system has access to a Kubernetes cluster, the worm attempts to wipe data across every node in that cluster; otherwise, it executes a localized wipe of the infected machine’s storage.
The Evolution of TeamPCP: From Extortion to Destruction
TeamPCP first drew significant industry attention in December 2025. Unlike traditional ransomware groups that focus on encrypting end-user devices, TeamPCP specialized in compromising corporate cloud environments. Their methodology involved the industrial-scale automation of attacks against exposed Docker APIs, Kubernetes clusters, Redis servers, and the exploitation of the "React2Shell" vulnerability.
In a comprehensive threat profile published in January 2026, the security firm Flare noted that TeamPCP’s operational strength lies not in the creation of novel zero-day exploits, but in the highly efficient integration of well-known attack techniques. Assaf Morag, a lead researcher at Flare, characterized the group as an "industrializer" of vulnerabilities. By weaponizing exposed control planes rather than individual endpoints, TeamPCP has managed to build a self-propagating criminal ecosystem. Data from Flare indicates that the group’s targets are almost exclusively cloud-based, with Microsoft Azure accounting for 61% of compromised servers and Amazon Web Services (AWS) making up 36%.
Throughout early 2026, the group primarily functioned as a data theft and extortion ring. They would move laterally through compromised networks, siphoning authentication credentials, SSH keys, and cloud tokens, subsequently demanding payment via Telegram. The sudden shift toward deploying a wiper—malware designed specifically to delete data rather than hold it for ransom—suggests a change in the group’s tactical objectives or a desire to sow "chaotic evil" within the digital landscape.
Supply Chain Compromise: The Trivy and KICS Incidents
The distribution of the Iranian-targeted wiper was facilitated through a series of bold supply chain attacks against popular developer tools. On March 19, 2026, TeamPCP successfully compromised the official GitHub repository for Trivy, a widely used vulnerability scanner maintained by Aqua Security. By injecting credential-stealing malware into official releases via GitHub Actions, the attackers were able to intercept SSH keys, Kubernetes tokens, and cryptocurrency wallets from unsuspecting developers and DevOps teams.
While Aqua Security moved quickly to remove the compromised files, the infrastructure established during the Trivy breach was repurposed just days later to deploy the CanisterWorm wiper. Charlie Eriksen, a security researcher at Aikido, observed that the technical framework used to steal credentials on March 19 was the same framework used to deliver the destructive payload over the following weekend.
The offensive continued into March 23, when TeamPCP targeted KICS (Keeping Infrastructure as Code Secure), an open-source vulnerability scanner from Checkmarx. According to a report from Wiz, the KICS GitHub Action was compromised for nearly four hours (between 12:58 and 16:50 UTC), during which time the attackers pushed credential-stealing malware to users. This rapid-fire succession of supply chain attacks highlights the group’s ability to identify and exploit the "trust relationship" between developers and their automated security tools.
Technical Analysis of CanisterWorm and the ICP Infrastructure
The moniker "CanisterWorm" is derived from the group’s innovative use of the Internet Computer Protocol (ICP). TeamPCP orchestrates its command-and-control (C2) operations using ICP "canisters"—decentralized, blockchain-based smart contracts that bundle code and data. This architectural choice provides several advantages for the attackers:

- Persistence: Because canisters are hosted on a distributed blockchain, they are nearly impossible to take down through traditional legal or technical means (such as domain seizures or hosting provider terminations).
- Direct Web Serving: ICP canisters can serve web content directly to visitors, allowing the attackers to host malware downloads or communication portals with high availability.
- Resistance to Takedowns: As long as the operators continue to pay the necessary "cycles" (virtual currency fees) to the ICP network, the canisters remain online and reachable.
The wiper logic itself is relatively straightforward but effective. Upon execution, the script checks the local environment variables. If the TZ (timezone) variable matches "Asia/Tehran" or if the system locale is set to Farsi, the destructive module is triggered. In a Kubernetes environment, the worm uses the stolen tokens to communicate with the API server, issuing commands to delete persistent volumes and configuration maps, effectively gutting the infrastructure of the targeted organization.
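Detection logic for the control-plane behaviour just described, as an added example that is not from the article or from Aikido, Wiz or any other vendor it cites: it reads kube-apiserver audit log entries (JSON lines format) and flags any principal that deletes several persistent volumes, persistent volume claims or config maps inside a short window, which is the "mass data deletion" pattern a defender would want to alert on. The sample log lines, the `trivy-runner` service-account name, the threshold and the window are all constructed for illustration.

```python
"""Flag bursts of delete requests against persistent volumes, claims and config
maps in Kubernetes audit logs. Added example; not code from the article or from
the vendors it cites. All sample data below is constructed."""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Resources whose rapid deletion matches the wiper behaviour described above.
WATCHED_RESOURCES = {"persistentvolumes", "persistentvolumeclaims", "configmaps"}
THRESHOLD = 3                 # deletes per principal inside the window (assumed value)
WINDOW = timedelta(minutes=5)  # assumed value

# Constructed kube-apiserver audit entries (one JSON object per line).
SAMPLE_AUDIT_LOG = """
{"kind":"Event","stage":"ResponseComplete","verb":"delete","requestReceivedTimestamp":"2026-03-21T10:00:01Z","user":{"username":"system:serviceaccount:ci:trivy-runner"},"objectRef":{"resource":"persistentvolumes","name":"pv-data-0"},"responseStatus":{"code":200}}
{"kind":"Event","stage":"ResponseComplete","verb":"delete","requestReceivedTimestamp":"2026-03-21T10:00:02Z","user":{"username":"system:serviceaccount:ci:trivy-runner"},"objectRef":{"resource":"configmaps","namespace":"prod","name":"app-config"},"responseStatus":{"code":200}}
{"kind":"Event","stage":"RequestReceived","verb":"delete","requestReceivedTimestamp":"2026-03-21T10:00:03Z","user":{"username":"system:serviceaccount:ci:trivy-runner"},"objectRef":{"resource":"persistentvolumeclaims","namespace":"prod","name":"db-pvc"}}
{"kind":"Event","stage":"ResponseComplete","verb":"delete","requestReceivedTimestamp":"2026-03-21T10:00:03Z","user":{"username":"system:serviceaccount:ci:trivy-runner"},"objectRef":{"resource":"persistentvolumeclaims","namespace":"prod","name":"db-pvc"},"responseStatus":{"code":200}}
{"kind":"Event","stage":"ResponseComplete","verb":"get","requestReceivedTimestamp":"2026-03-21T10:00:04Z","user":{"username":"system:serviceaccount:ci:trivy-runner"},"objectRef":{"resource":"pods","namespace":"prod"},"responseStatus":{"code":200}}
{"kind":"Event","stage":"ResponseComplete","verb":"delete","requestReceivedTimestamp":"2026-03-21T10:00:04Z","user":{"username":"system:serviceaccount:ci:trivy-runner"},"objectRef":{"resource":"persistentvolumes","name":"pv-data-1"},"responseStatus":{"code":200}}
{"kind":"Event","stage":"ResponseComplete","verb":"delete","requestReceivedTimestamp":"2026-03-21T10:30:00Z","user":{"username":"alice@example.invalid"},"objectRef":{"resource":"configmaps","namespace":"dev","name":"scratch"},"responseStatus":{"code":200}}
not-json garbage line
"""


def parse_audit_lines(text):
    """Yield parsed audit events, skipping blank or malformed lines so one bad
    line does not stop monitoring."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def find_mass_deletions(text, threshold=THRESHOLD, window=WINDOW):
    """Return {username: [(timestamp, resource, name), ...]} for every principal
    that deleted at least `threshold` watched resources within `window`.
    Only ResponseComplete events are counted so a request is not double-counted
    with its RequestReceived stage."""
    by_user = defaultdict(list)
    for ev in parse_audit_lines(text):
        if ev.get("stage") != "ResponseComplete" or ev.get("verb") != "delete":
            continue
        ref = ev.get("objectRef", {})
        if ref.get("resource") not in WATCHED_RESOURCES:
            continue
        ts = datetime.fromisoformat(ev["requestReceivedTimestamp"].replace("Z", "+00:00"))
        user = ev.get("user", {}).get("username", "<unknown>")
        by_user[user].append((ts, ref["resource"], ref.get("name", "?")))

    alerts = {}
    for user, events in by_user.items():
        events.sort()
        start = 0
        # Sliding window over the time-sorted deletes for this principal.
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts[user] = events[start:end + 1]
    return alerts


if __name__ == "__main__":
    for user, events in find_mass_deletions(SAMPLE_AUDIT_LOG).items():
        print(f"ALERT: {user} deleted {len(events)} storage/config objects within {WINDOW}")
        for ts, resource, name in events:
            print(f"  {ts.isoformat()} {resource}/{name}")
```

In a real deployment the same function would be fed from the audit webhook or log shipper rather than an inline string, and the threshold would be tuned against the normal churn of the cluster; the point is that the principal, the verb and the resource kind are all in the audit record, so a burst of deletes from a single CI service account stands out without any knowledge of the payload.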
Chronology of the March 2026 Offensive
The following timeline illustrates the rapid escalation of TeamPCP’s activities:
- March 19, 2026: TeamPCP executes a supply chain attack on Aqua Security’s Trivy via GitHub Actions. Malicious versions are published to steal cloud credentials and Kubernetes tokens.
- March 20-21, 2026: The group repurposes the Trivy attack infrastructure. The CanisterWorm is updated to include the Iranian wiper component.
- March 22, 2026: Security researchers at Aikido and Wiz identify the wiper logic. Reports emerge of the group bragging on Telegram about stealing data from major multinational corporations, including a large pharmaceutical firm.
- March 23, 2026 (12:58 UTC): TeamPCP compromises the KICS scanner from Checkmarx, injecting malware into its GitHub Action.
- March 23, 2026 (16:50 UTC): Checkmarx and Wiz confirm the remediation of the KICS repository, but not before additional credentials are siphoned.
- Late March 23, 2026: Attackers alternate the payload on their ICP canisters, at times replacing malware with a "Rickroll" video (a link to Rick Astley’s "Never Gonna Give You Up"), suggesting a taunting or "chaotic" motivation.
Industry Responses and Expert Analysis
The cybersecurity community has reacted with alarm to the ease with which TeamPCP has compromised the software supply chain. Aqua Security and Checkmarx have both issued statements detailing their remediation efforts and urging users to rotate any credentials that may have been exposed during the periods of compromise.
However, the broader concern remains the security of the GitHub ecosystem. Catalin Cimpanu, a reporter for Risky Business, noted that GitHub is facing a systemic "malware problem." Attackers are increasingly using techniques such as "star-jacking" (purchasing fake likes and stars) and pushing meaningless commits to ensure their malicious clones or compromised repositories stay at the top of search results.
"While security firms appear to be doing a good job spotting this, we’re also gonna need GitHub’s security team to step up," Cimpanu wrote. He emphasized that the platform’s core design—built on forking and cloning—makes it difficult to distinguish between a legitimate update and a malicious addition in a cloned repository.
Charlie Eriksen of Aikido expressed skepticism regarding the long-term strategic goals of TeamPCP. "It’s a little all over the place, and there’s a chance this whole Iran thing is just their way of getting attention," Eriksen told KrebsOnSecurity. He described the group’s behavior as "Chaotic Evil," noting that they often oscillate between professional-grade data theft and juvenile taunting.
Broader Impact and Implications for Global Security
The TeamPCP campaign highlights a dangerous trend in the democratization of high-impact cyberattacks. By automating the exploitation of cloud misconfigurations and targeting the supply chain, a relatively new group has been able to disrupt international infrastructure and steal vast quantities of sensitive data.
The targeting of Iran specifically introduces a layer of geopolitical complexity. Whether the wiper was deployed out of political conviction, as a "false flag" to distract from other activities, or simply as a means of gaining notoriety in the hacking underground remains unclear. Regardless of the motive, the incident underscores the vulnerability of modern cloud-native environments.
Organizations are advised to adopt a "zero-trust" approach to their CI/CD (Continuous Integration/Continuous Deployment) pipelines. This includes:
- Pinning Actions to Specific Commits: Instead of using "latest" tags in GitHub Actions, organizations should use specific SHA hashes to ensure they are running verified code.
- Credential Rotation: Regularly rotating cloud provider keys, Kubernetes tokens, and SSH keys to minimize the window of opportunity for attackers who have siphoned credentials.
- Monitoring Cloud Control Planes: Implementing robust logging and alerting for Docker and Kubernetes APIs to detect unauthorized lateral movement or mass data deletion.
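A concrete check for the first recommendation above, as an added example that is not from the article or from GitHub: it scans a workflow file for `uses:` references and reports every action that is referenced by a tag, branch or `latest` instead of a full 40-character commit SHA (and every `docker://` image referenced without a `@sha256:` digest). The workflow text, the `example-org/scanner-action` name and the SHA value are constructed placeholders.

```python
"""Report GitHub Actions `uses:` references that are not pinned to a commit SHA.
Added example; not code from the article or from GitHub. Sample workflow is
constructed and the SHA in it is a placeholder, not a real commit."""
import re

SAMPLE_WORKFLOW = """
name: ci
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@0123456789abcdef0123456789abcdef01234567 # v5 (placeholder SHA)
      - name: Run scanner
        uses: example-org/scanner-action@latest
      - uses: ./.github/actions/local-step
      - uses: docker://ghcr.io/example/image:1.2.3
      - uses: actions/cache@v4.2.0
"""

# Matches "- uses: ref" or "uses: ref", ignoring a trailing "# version" comment.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def classify_reference(ref):
    """Return 'local', 'pinned' or 'unpinned' for one uses: value.

    A local path (./...) is versioned with the calling repository itself.
    A docker:// image counts as pinned only with an @sha256: digest.
    Anything else is pinned only if the part after '@' is a full commit SHA."""
    if ref.startswith("./"):
        return "local"
    if ref.startswith("docker://"):
        return "pinned" if "@sha256:" in ref else "unpinned"
    if "@" not in ref:
        return "unpinned"  # default branch, moves with every push
    _, version = ref.rsplit("@", 1)
    return "pinned" if FULL_SHA_RE.match(version) else "unpinned"


def find_unpinned(workflow_text):
    """Return [(line_number, ref)] for every uses: entry that is not pinned."""
    findings = []
    for number, line in enumerate(workflow_text.splitlines(), 1):
        match = USES_RE.match(line)
        if not match:
            continue
        ref = match.group(1)
        if classify_reference(ref) == "unpinned":
            findings.append((number, ref))
    return findings


if __name__ == "__main__":
    for number, ref in find_unpinned(SAMPLE_WORKFLOW):
        print(f"line {number}: {ref} is not pinned to a commit SHA")
```

Run it over every file under `.github/workflows/` as a pre-merge check. Keeping the human-readable version in a trailing comment, as the pinned `setup-go` line does, preserves readability while the SHA is what the runner actually resolves; a moved tag or a compromised release then cannot silently change which code the workflow executes.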
As of this writing, it is unknown how many Iranian systems were successfully wiped by the CanisterWorm. However, the event serves as a stark reminder that in the era of cloud-native computing, the distance between a minor configuration error and a catastrophic loss of data is shorter than ever before. For now, the security community remains on high alert as TeamPCP continues to cycle through new targets and payloads with unpredictable frequency.
