TeamPCP Deploys Iran‑Targeted Wiper in Kubernetes Attacks
TeamPCP has launched a new attack targeting Kubernetes clusters and Iranian systems, deploying a malicious script that wipes machines when it detects Iran's timezone or locale. The campaign uses the same command-and-control infrastructure, backdoor code, and drop path seen in the CanisterWorm incidents, but adds a geopolitically targeted destructive payload. In Kubernetes environments, it installs a DaemonSet that mounts the host filesystem and runs Alpine containers named "kamikaze" to delete all top-level directories and reboot the host. On non-Kubernetes Iranian machines, the malware deletes all files, including system data, using rm -rf with --no-preserve-root, and attempts passwordless sudo if root privileges are unavailable. When the targeting conditions are not met, the malware exits harmlessly. Recent variants also spread over SSH, parsing authentication logs for credentials and reusing stolen private keys; indicators include outbound SSH connections with StrictHostKeyChecking=no and privileged Alpine containers launched through an unauthenticated Docker API. The attack reflects a growing trend of geopolitically targeted wipers that leverage Kubernetes-based lateral movement and advanced detection techniques.

Iranian-Targeted Wiper Deployed Through Kubernetes Attacks
The TeamPCP hacking collective has expanded its toolbox with a new destructive campaign aimed at Kubernetes clusters. Unlike traditional wiper campaigns, this operation uses a Kubernetes-native approach to reach Iranian systems, while also carrying a backdoor payload that can deploy on nodes outside Iran. The development follows TeamPCP’s involvement in a recent supply-chain breach of the Trivy vulnerability scanner and a separate NPM-based campaign nicknamed CanisterWorm that began circulating on March 20 of the current year.
What makes this campaign distinct is the integration of a selective destruction payload with the familiar command-and-control (C2) infrastructure and backdoor code that researchers have previously linked to CanisterWorm. In short, the campaign reuses the same ICP canister backdoor, the same C2 channel, and the same drop path in /tmp/pglog, but adds a geopolitical layer: a destructive module designed to wipe Iranian-targeted hosts when specific conditions are met. This marks a shift from purely opportunistic, ransomware-like behavior to a targeted capability that can erase systems within a defined locale.
Operational details reveal a deliberate use of Kubernetes-native lateral movement. On compromised clusters, the actors deploy a DaemonSet, initially named Host-provisioner-iran, into the kube-system namespace. The DaemonSet runs privileged containers and mounts the host's root filesystem, which lets the malware reach every node in the cluster. Each pod runs an Alpine container, whimsically named kamikaze, that carries out the wipe by deleting the top-level directories of the host filesystem and then forcing a reboot of the machine. This is a stark example of how containerized threats can bridge the gap to host-level impact, orchestrated entirely through Kubernetes primitives.
There is also a non-Iranian variant of the same operation. When a system is identified as not Iranian, the campaign deploys a DaemonSet called host-provisioner-std. Like its Iranian counterpart, it uses privileged containers with the host filesystem mounted. Instead of destroying data, however, this variant installs a Python backdoor on the host and registers it as a systemd service so that it persists across reboots on every node. The dual-mode approach shows the attackers' intent to maintain footholds regardless of geopolitical targeting, while keeping a highly destructive option in reserve for Iranian systems.
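The two DaemonSets described above share one pattern a defender can look for: a pod template that runs a privileged container and mounts the host's root filesystem through a hostPath volume. The following audit script is an added example, not code from the report or from Aikido Security; it reads DaemonSet objects in the shape produced by `kubectl get daemonsets -A -o json` and flags that combination, along with other host-reaching settings (`hostPID`, `hostNetwork`, `hostIPC`, writable hostPath mounts). The two embedded manifests are constructed for the example, and their names and images are placeholders, not indicators from the incident.

```python
import json
import sys

# Constructed sample in the shape of `kubectl get daemonsets -A -o json`,
# trimmed to the fields the audit reads. Names and images are placeholders
# chosen for this example, not indicators from the incident.
SAMPLE_DAEMONSETS_JSON = json.dumps({
    "items": [
        {
            "metadata": {"name": "suspect-provisioner", "namespace": "kube-system"},
            "spec": {"template": {"spec": {
                "hostPID": True,
                "volumes": [{"name": "host-root", "hostPath": {"path": "/"}}],
                "containers": [{
                    "name": "worker",
                    "image": "alpine:3.19",
                    "securityContext": {"privileged": True},
                    "volumeMounts": [{"name": "host-root", "mountPath": "/host"}],
                }],
            }}},
        },
        {
            "metadata": {"name": "log-shipper", "namespace": "logging"},
            "spec": {"template": {"spec": {
                "volumes": [{"name": "varlog", "hostPath": {"path": "/var/log"}}],
                "containers": [{
                    "name": "shipper",
                    "image": "example.invalid/log-shipper:1.0",
                    "volumeMounts": [{"name": "varlog", "mountPath": "/var/log",
                                      "readOnly": True}],
                }],
            }}},
        },
    ]
})


def audit_daemonset(ds):
    """Return the list of risky settings found in one DaemonSet object."""
    findings = []
    pod = ds["spec"]["template"]["spec"]
    # Map volume name -> host path for every hostPath volume in the pod template.
    host_paths = {v["name"]: v["hostPath"]["path"]
                  for v in pod.get("volumes", []) if "hostPath" in v}
    for c in pod.get("containers", []) + pod.get("initContainers", []):
        if (c.get("securityContext") or {}).get("privileged"):
            findings.append(f"container '{c['name']}' runs privileged")
        for m in c.get("volumeMounts", []):
            host_path = host_paths.get(m["name"])
            if host_path is None:
                continue  # not a hostPath volume
            if host_path == "/":
                findings.append(f"container '{c['name']}' mounts host root '/' at {m['mountPath']}")
            elif not m.get("readOnly"):
                findings.append(f"container '{c['name']}' mounts host path {host_path} writable")
    for flag in ("hostPID", "hostNetwork", "hostIPC"):
        if pod.get(flag):
            findings.append(f"pod template sets {flag}")
    return findings


def severity(findings):
    """Rank a finding list: privileged plus a host root mount is the wiper pattern."""
    privileged = any("runs privileged" in f for f in findings)
    host_root = any("mounts host root" in f for f in findings)
    if privileged and host_root:
        return "critical"
    if privileged or host_root:
        return "high"
    return "medium" if findings else "none"


def audit_daemonsets(raw_json):
    """Return {namespace/name: {"severity": ..., "findings": [...]}} for every
    DaemonSet that has at least one finding."""
    report = {}
    for ds in json.loads(raw_json)["items"]:
        key = f"{ds['metadata']['namespace']}/{ds['metadata']['name']}"
        findings = audit_daemonset(ds)
        if findings:
            report[key] = {"severity": severity(findings), "findings": findings}
    return report


if __name__ == "__main__":
    # Usage: kubectl get daemonsets -A -o json | python3 audit_daemonsets.py -
    # With no argument the constructed sample above is audited instead.
    raw = sys.stdin.read() if len(sys.argv) > 1 and sys.argv[1] == "-" else SAMPLE_DAEMONSETS_JSON
    for name, entry in sorted(audit_daemonsets(raw).items()):
        print(f"[{entry['severity'].upper()}] {name}")
        for finding in entry["findings"]:
            print(f"    - {finding}")
```

Run against a live cluster the script needs only read access to DaemonSets. A read-only hostPath mount of a log directory, as in the second sample, is deliberately not flagged, so a log-shipping agent does not drown out the privileged-plus-root-mount pattern that matters here; tune the rules to your own baseline of known system DaemonSets.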
The campaign also demonstrates an additional mode of propagation and execution in environments without Kubernetes. In such cases, if none of the conditional checks for Iranian targeting are satisfied, the malware simply exits. If Kubernetes is absent or not usable for the payload, the attackers fall back to conventional persistence and backdoor installation on the local host. These modular pathways highlight a flexible threat model designed to operate across diverse infrastructure scenarios.
Researchers have also described another operational variant, one that bypasses Kubernetes lateral movement in favor of SSH-based propagation. This version, still tied to the same ICP canister backdoor, appears to parse authentication logs to harvest credentials and to use stolen private keys for horizontal movement. In the observed network indicators, outbound SSH sessions are started with StrictHostKeyChecking set to no, and unauthenticated Docker API access is visible on the local subnet (notably via TCP port 2375). Privileged Alpine containers with hostPath mounts continue to play a central role in these intrusions.
Researchers from Aikido Security have documented these indicators, including how compromised hosts generate outbound SSH connections with lenient host-key checks, and how the Docker API exposure can enable dangerous lateral movement. The findings also point to the presence of an authenticated path to mount the host filesystem and to deploy the backdoor as a persistent service, underscoring the layered nature of the attack—initial compromise, hybrid propagation, and a targeted capability that can cause catastrophic damage on Iranian systems if specific conditions align.
A broader context is provided by the Red Report 2026, which discusses how modern malware increasingly leverages mathematical techniques to detect sandbox environments and to blend into normal system activity. The report emphasizes the evolving sophistication of threat actors who are willing to tailor their tactics to specific zones and geopolitical climates. While the report itself is not a direct description of TeamPCP’s campaign, it offers framing for why tailored wipers and geopolitically targeted payloads are slipping into more common use, and why defenders must look beyond generic indicators.
In practical terms, defenders should treat this campaign as a reminder that Kubernetes clusters can be more than a staging ground for credential theft and backdoor installation; they can also be the platform for highly targeted destructive actions. The presence of DaemonSets that mount the host filesystem and the use of privileged containers with hostPath mounts illustrate how misconfigurations and overly permissive container runtimes can be weaponized. Security teams should review cluster-wide permissions, ensure that DaemonSets are audited and restricted, and validate that host-level actions require explicit, auditable authorization. Additionally, monitoring for unusual drop paths in /tmp, anomalous backdoor artifacts, and early signs of SSH-based lateral movement can help detect these evolving tactics early.
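The host-side indicators mentioned above (the /tmp/pglog drop path, SSH started with StrictHostKeyChecking=no, Docker API traffic on port 2375, a backdoor registered as a systemd unit, and the destructive rm invocation) can be turned into a small rule set over process-execution events. The following detection script is an added example, not code from the report or from Aikido Security; it assumes a simple constructed event layout of the form `<timestamp> <host> uid=<n> cmd="..."` invented for this example, and the sample events are constructed, not captured from the incident. Adapt the line format and regexes to whatever your EDR or auditd pipeline emits.

```python
import re

# Constructed sample of process-execution events. The layout
# '<timestamp> <host> uid=<n> cmd="..."' is invented for this example.
SAMPLE_EVENTS = [
    '2026-03-25T10:01:02Z node-a uid=0 cmd="ssh -o StrictHostKeyChecking=no -i /tmp/.key admin@10.0.0.7"',
    '2026-03-25T10:01:05Z node-a uid=0 cmd="curl -s http://10.0.0.9:2375/containers/json"',
    '2026-03-25T10:01:09Z node-a uid=0 cmd="python3 /tmp/pglog/agent.py"',
    '2026-03-25T10:01:12Z node-a uid=0 cmd="cp /tmp/pglog/agent.service /etc/systemd/system/agent.service"',
    '2026-03-25T10:01:20Z node-b uid=0 cmd="rm -rf --no-preserve-root /"',
    '2026-03-25T10:02:00Z node-c uid=1001 cmd="ssh -o StrictHostKeyChecking=yes backup@10.0.0.3"',
    '2026-03-25T10:02:30Z node-c uid=1001 cmd="ls -la /var/log"',
]

# Detection rules built from the indicators described in the article.
RULES = {
    # ssh invoked with host-key verification disabled (accepts "=no" or " no")
    "ssh_hostkey_check_disabled": re.compile(r"\bssh\b.*StrictHostKeyChecking[= ]+no\b"),
    # any command addressing the unauthenticated Docker API port on an IP or localhost
    "docker_api_2375": re.compile(r"\b(?:\d{1,3}(?:\.\d{1,3}){3}|localhost):2375\b"),
    # the drop path reused from CanisterWorm
    "drop_path_tmp_pglog": re.compile(r"/tmp/pglog\b"),
    # a unit file being placed into the system-wide systemd directory
    "systemd_unit_written": re.compile(r"/etc/systemd/system/[^\s\"]+\.service\b"),
    # the destructive rm form used by the wiper
    "rm_no_preserve_root": re.compile(r"\brm\b.*--no-preserve-root\b"),
}


def scan_events(lines):
    """Return one hit dict per (rule, event) match: rule, line_no, host, raw line."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        fields = line.split()
        host = fields[1] if len(fields) > 1 else "?"
        for rule, pattern in RULES.items():
            if pattern.search(line):
                hits.append({"rule": rule, "line_no": line_no, "host": host, "line": line})
    return hits


def summarize(hits):
    """Count hits per rule."""
    counts = {}
    for hit in hits:
        counts[hit["rule"]] = counts.get(hit["rule"], 0) + 1
    return counts


def correlated_hosts(hits, min_rules=2):
    """Hosts that triggered at least `min_rules` distinct rules; a single rule
    may be noise, several together look like the propagation chain."""
    rules_by_host = {}
    for hit in hits:
        rules_by_host.setdefault(hit["host"], set()).add(hit["rule"])
    return sorted(h for h, rules in rules_by_host.items() if len(rules) >= min_rules)


if __name__ == "__main__":
    all_hits = scan_events(SAMPLE_EVENTS)
    for hit in all_hits:
        print(f"line {hit['line_no']:>3} {hit['host']:<8} {hit['rule']}")
    print("per-rule counts:", summarize(all_hits))
    print("hosts with correlated activity:", correlated_hosts(all_hits))
```

The `correlated_hosts` step is the part worth keeping when you port this to a real pipeline: an SSH session with host-key checking disabled is common enough in automation to be noisy on its own, but the same host also touching port 2375 and writing under /tmp/pglog within minutes is a much stronger signal.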
As this campaign illustrates, the line between wiper campaigns and data-destructive operations is narrowing. The ability to automatically detect a system configured for a specific locale and then trigger a destructive payload adds a new dimension to geopolitical cyber risk. It is no longer enough to secure data; defenders must also harden the environments against a spectrum of destructive capabilities that can be deployed through routine orchestration platforms. The evolving TeamPCP operation is a stark reminder that defense in depth, robust policy enforcement, and proactive monitoring of container-native lateral movement are essential components in safeguarding modern, cloud-native infrastructures.