The TeamPCP hacking group is targeting Kubernetes clusters with a malicious script that wipes all machines when it detects systems configured for Iran.
The threat actor is responsible for the recent supply-chain attack on the Trivy vulnerability scanner, as well as an NPM-based campaign dubbed ‘CanisterWorm,’ which began on March 20.
Selective destruction payload
Researchers at application security firm Aikido say that the campaign targeting Kubernetes clusters uses the same command-and-control (C2) infrastructure, backdoor code, and drop path seen in the CanisterWorm incidents.
However, the new campaign differs in that it includes a destructive payload targeting Iranian systems and installs the CanisterWorm backdoor on nodes in other locales.
“The script uses the very same ICP canister (tdtqy-oyaaa-aaaae-af2dq-cai[.]raw[.]icp0[.]io) we documented in the CanisterWorm campaign. Same C2, same backdoor code, same /tmp/pglog drop path,” Aikido says.
“The Kubernetes-native lateral movement via DaemonSets is consistent with TeamPCP’s known playbook, but this variant adds something we haven't seen from them before: a geopolitically targeted destructive payload aimed specifically at Iranian systems.”
According to Aikido researchers, the malware is built to destroy any machine that matches Iran’s timezone and locale, regardless of whether Kubernetes is present or not.
If both conditions are met (an Iranian timezone and locale, and a Kubernetes environment), the script deploys a DaemonSet named ‘Host-provisioner-iran’ in ‘kube-system’, which uses privileged containers and mounts the host root filesystem into /mnt/host.
Each pod runs an Alpine container named ‘kamikaze’ that deletes all top-level directories on the host filesystem and then forces a reboot of the host.
If Kubernetes is present but the system is identified as not Iranian, the malware deploys a DaemonSet named ‘host-provisioner-std’ using privileged containers with the host filesystem mounted.
Instead of wiping data, each pod writes a Python backdoor onto the host filesystem and installs it as a systemd service so it persists on every node.
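The two DaemonSets described above share the same shape: a privileged container with a hostPath volume for / mounted inside it. As an added example (not Aikido's code and not part of the article), the following Python audits a dump in the shape of kubectl get daemonsets -A -o json for exactly those two properties. The sample dump is constructed: the first two items model the DaemonSets the article describes (names lowercased as Kubernetes requires, image tags assumed), and the third is a benign node-exporter-style DaemonSet included for contrast.

```python
import json

# Constructed sample in the shape of `kubectl get daemonsets -A -o json`.
# Items 1 and 2 model the DaemonSets the article describes (privileged
# container, host root mounted at /mnt/host); item 3 is a benign
# node-exporter-style DaemonSet for contrast. Names and images are assumptions.
SAMPLE_DAEMONSETS = json.loads("""
{
  "kind": "List",
  "items": [
    {
      "metadata": {"name": "host-provisioner-iran", "namespace": "kube-system"},
      "spec": {"template": {"spec": {
        "volumes": [{"name": "host", "hostPath": {"path": "/"}}],
        "containers": [{
          "name": "kamikaze",
          "image": "alpine:latest",
          "securityContext": {"privileged": true},
          "volumeMounts": [{"name": "host", "mountPath": "/mnt/host"}]
        }]
      }}}
    },
    {
      "metadata": {"name": "host-provisioner-std", "namespace": "kube-system"},
      "spec": {"template": {"spec": {
        "volumes": [{"name": "host", "hostPath": {"path": "/"}}],
        "containers": [{
          "name": "provisioner",
          "image": "alpine:latest",
          "securityContext": {"privileged": true},
          "volumeMounts": [{"name": "host", "mountPath": "/mnt/host"}]
        }]
      }}}
    },
    {
      "metadata": {"name": "node-exporter", "namespace": "monitoring"},
      "spec": {"template": {"spec": {
        "volumes": [{"name": "proc", "hostPath": {"path": "/proc"}}],
        "containers": [{
          "name": "node-exporter",
          "image": "prom/node-exporter:v1.8.0",
          "securityContext": {"runAsNonRoot": true},
          "volumeMounts": [{"name": "proc", "mountPath": "/host/proc", "readOnly": true}]
        }]
      }}}
    }
  ]
}
""")


def audit_daemonset(ds: dict) -> list:
    """Return the reasons a DaemonSet looks like host-level tampering ([] if none).

    Two signals from the article are checked: a privileged container, and a
    hostPath volume for "/" that is actually mounted into a container.
    """
    pod = ds["spec"]["template"]["spec"]
    # Names of volumes that expose the host's root filesystem.
    host_root_volumes = {
        v["name"] for v in pod.get("volumes", [])
        if (v.get("hostPath") or {}).get("path") == "/"
    }
    reasons = []
    for c in pod.get("containers", []) + pod.get("initContainers", []):
        if (c.get("securityContext") or {}).get("privileged"):
            reasons.append(f"container '{c['name']}' runs privileged")
        for m in c.get("volumeMounts", []):
            if m.get("name") in host_root_volumes:
                reasons.append(
                    f"container '{c['name']}' mounts host / at {m.get('mountPath')}")
    return reasons


def find_suspicious_daemonsets(ds_list: dict) -> list:
    """Walk a DaemonSet list and report every one with at least one finding."""
    findings = []
    for ds in ds_list.get("items", []):
        reasons = audit_daemonset(ds)
        if reasons:
            meta = ds["metadata"]
            findings.append({"namespace": meta["namespace"],
                             "name": meta["name"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_suspicious_daemonsets(SAMPLE_DAEMONSETS):
        print(f"{f['namespace']}/{f['name']}: " + "; ".join(f["reasons"]))
```

Against a live cluster, replace SAMPLE_DAEMONSETS with json.load() over the output of kubectl get daemonsets -A -o json. The check deliberately requires the host root volume to be mounted, not merely declared, so a DaemonSet that mounts /proc read-only (as node-exporter does) is not reported; a privileged container is reported on its own, since that alone is enough to reach the host.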
On Iranian systems without Kubernetes, the malware deletes every file on the machine accessible to the current user, including system data, by running rm -rf / with the --no-preserve-root flag. If root privileges are not available, it attempts passwordless sudo.

Source: Aikido
On systems where none of the conditions are met, no malicious action is taken and the malware simply exits.
Aikido reports that a more recent version of the malware, which uses the same ICP canister backdoor, has dropped the Kubernetes-based lateral movement and instead uses SSH propagation, parsing authentication logs for valid credentials and using stolen private keys.
The researchers highlighted some key indicators of this activity, including outbound SSH connections with ‘StrictHostKeyChecking=no’ from compromised hosts, outbound connections to the Docker API on port 2375 within the local subnet, and privileged Alpine containers launched via an unauthenticated Docker API with / mounted as a hostPath.
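The three indicators above can be turned into host-side detection logic. As an added example (not Aikido's code and not part of the article), the following Python checks each indicator against a constructed event feed: process executions (command lines as an EDR or auditd would record them), outbound connection records, and docker inspect style container records. Host names, addresses, paths and the /24 subnet assumption are all constructed for the example.

```python
import ipaddress
import re
import shlex

# ssh treats option names case-insensitively; match the value "no" whether the
# option was passed as "-o StrictHostKeyChecking=no" or "-oStrictHostKeyChecking=no".
_NO_HOSTKEY_CHECK = re.compile(r"stricthostkeychecking\s*=\s*no\b", re.IGNORECASE)
DOCKER_API_PORT = 2375  # plaintext, unauthenticated Docker Engine API


def ssh_without_hostkey_check(cmdline: str) -> bool:
    """True for an ssh/scp/sftp invocation that disables host key verification."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:          # unbalanced quotes in a truncated log line
        argv = cmdline.split()
    if not argv or argv[0].rsplit("/", 1)[-1] not in {"ssh", "scp", "sftp"}:
        return False
    return bool(_NO_HOSTKEY_CHECK.search(cmdline))


def docker_api_on_local_subnet(src: str, dst: str, dport: int, prefix: int = 24) -> bool:
    """True for a connection to the Docker API port that stays inside src's /prefix.

    The prefix is an assumption for the example; use the real subnet size.
    """
    if dport != DOCKER_API_PORT:
        return False
    net = ipaddress.ip_network(f"{src}/{prefix}", strict=False)
    return ipaddress.ip_address(dst) in net


def privileged_host_root_container(inspect: dict) -> bool:
    """True when a `docker inspect` record is privileged and mounts the host /."""
    hc = inspect.get("HostConfig") or {}
    binds = hc.get("Binds") or []          # "src:dst[:opts]" strings
    mounts = inspect.get("Mounts") or []   # resolved mount objects
    host_root = (any(b.split(":")[0] == "/" for b in binds)
                 or any(m.get("Source") == "/" for m in mounts))
    return bool(hc.get("Privileged")) and host_root


def scan_events(events: list) -> list:
    """Return (host, indicator, detail) tuples for every event matching an indicator."""
    findings = []
    for ev in events:
        if ev["type"] == "exec" and ssh_without_hostkey_check(ev["cmdline"]):
            findings.append((ev["host"], "ssh with StrictHostKeyChecking=no", ev["cmdline"]))
        elif ev["type"] == "conn" and docker_api_on_local_subnet(ev["src"], ev["dst"], ev["dport"]):
            findings.append((ev["host"], "Docker API (2375) reached on local subnet",
                             f"{ev['src']} -> {ev['dst']}:{ev['dport']}"))
        elif ev["type"] == "container" and privileged_host_root_container(ev["inspect"]):
            findings.append((ev["host"], "privileged container with host / mounted",
                             ev["inspect"].get("Name", "?")))
    return findings


# Constructed sample feed: three matching events interleaved with benign ones.
SAMPLE_EVENTS = [
    {"type": "exec", "host": "node-a",
     "cmdline": "ssh -o StrictHostKeyChecking=no -i /tmp/id_rsa root@10.0.0.7"},
    {"type": "exec", "host": "node-a", "cmdline": "ssh admin@bastion.example"},
    {"type": "conn", "host": "node-a", "src": "10.0.0.4", "dst": "10.0.0.9", "dport": 2375},
    {"type": "conn", "host": "node-a", "src": "10.0.0.4", "dst": "10.0.0.9", "dport": 443},
    {"type": "conn", "host": "node-a", "src": "10.0.0.4", "dst": "192.168.1.9", "dport": 2375},
    {"type": "container", "host": "node-b", "inspect": {
        "Name": "/kamikaze",
        "HostConfig": {"Privileged": True, "Binds": ["/:/mnt/host"]}, "Mounts": []}},
    {"type": "container", "host": "node-b", "inspect": {
        "Name": "/web", "HostConfig": {"Privileged": False, "Binds": []}, "Mounts": []}},
]

if __name__ == "__main__":
    for host, indicator, detail in scan_events(SAMPLE_EVENTS):
        print(f"{host}: {indicator} ({detail})")
```

The connection check only fires for port 2375 destinations inside the source's own subnet, mirroring the article's "within the local subnet" indicator, so a single rule does not flood on every host that legitimately reaches a remote Docker API over the network. The container check requires both privilege and a host root mount, the combination the article describes; a container with only one of the two is a weaker signal that is better handled by a separate, lower-severity rule.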

