TeamPCP is conducting a campaign against Kubernetes clusters that installs the CanisterWorm backdoor on non-Iranian systems and deploys a geopolitically targeted destructive payload that wipes hosts whose timezone and locale are set to Iran. Aikido links this activity to the Trivy supply-chain compromise and notes variants that spread over SSH and through unauthenticated Docker API access. #TeamPCP #CanisterWorm
Keypoints
- TeamPCP targets Kubernetes clusters with scripts that either install the CanisterWorm backdoor or deploy a destructive payload against hosts whose timezone and locale indicate Iran.
- The campaign reuses the same ICP canister, C2, backdoor code, and /tmp/pglog drop path observed in earlier CanisterWorm incidents.
- If a host matches Iran's timezone and locale, the script deploys a privileged DaemonSet 'host-provisioner-iran' whose 'kamikaze' Alpine pods delete top-level host directories and reboot the machine; because a DaemonSet schedules a pod on every node, one apply hits the whole cluster.
- Non-Iranian Kubernetes nodes receive a 'host-provisioner-std' DaemonSet that writes a Python backdoor to the host filesystem and installs it as a systemd service, so the implant persists across pod deletion and node reboots.
- Some variants omit Kubernetes lateral movement and propagate over SSH, using hosts harvested from auth logs and stolen SSH keys; indicators include outbound SSH invoked with StrictHostKeyChecking=no and dockerd exposing its unauthenticated API on TCP port 2375.
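The indicators listed above, turned into triage logic as an added example (this is not code from Aikido's report, from TeamPCP, or from the worm itself). It assumes DaemonSet objects in the shape `kubectl get daemonsets -A -o json` returns under `.items`, plus raw process command lines; the two sample DaemonSets and the command lines are constructed to mirror the behaviour described, not copied from the real manifests.

```python
"""Triage helpers for the TeamPCP / CanisterWorm Kubernetes indicators.

Added example (not code from Aikido, TeamPCP, or the worm). It inspects
DaemonSet objects (shape of `kubectl get daemonsets -A -o json` .items) and
process command lines, and returns the reasons each looks like a
host-takeover workload. Every sample object below is constructed.
"""
import re

# DaemonSet names reported for the campaign.
KNOWN_DS_NAMES = {"host-provisioner-iran", "host-provisioner-std"}

# Commands that fit a wiper or a persistence installer, not a provisioner.
SUSPECT_CMD = re.compile(r"\brm\s+-[a-zA-Z]*[rR]|\breboot\b|\bsystemctl\s+(enable|start)\b")

# The SSH-spreading variants disable host-key checks to avoid prompts.
SSH_NO_HOSTKEY = re.compile(r"\bssh\b.*StrictHostKeyChecking[= ]+no\b")

# dockerd with a plain TCP listener on 2375 is the unauthenticated Docker API.
DOCKER_TCP_2375 = re.compile(r"-H[= ]tcp://[^\s]*:2375\b")


def daemonset_findings(ds: dict) -> list[str]:
    """Return why a DaemonSet looks hostile; an empty list means nothing matched."""
    findings = []
    name = ds.get("metadata", {}).get("name", "")
    if name in KNOWN_DS_NAMES:
        findings.append(f"name '{name}' is a reported campaign indicator")

    pod = ds.get("spec", {}).get("template", {}).get("spec", {})
    if pod.get("hostPID") or pod.get("hostNetwork"):
        findings.append("pod shares the host PID or network namespace")

    # A hostPath volume for the node root is what lets a pod delete host
    # directories or write a backdoor into the host filesystem.
    root_volumes = {v["name"] for v in pod.get("volumes", [])
                    if v.get("hostPath", {}).get("path") == "/"}

    for c in pod.get("containers", []):
        cname = c.get("name", "?")
        if c.get("securityContext", {}).get("privileged"):
            findings.append(f"container '{cname}' is privileged")
        for m in c.get("volumeMounts", []):
            if m.get("name") in root_volumes:
                findings.append(f"container '{cname}' mounts host / at {m.get('mountPath')}")
        cmdline = " ".join(c.get("command", []) + c.get("args", []))
        if SUSPECT_CMD.search(cmdline):
            findings.append(f"container '{cname}' runs a wipe/reboot/persistence command")
    return findings


def ssh_spread_indicator(cmdline: str) -> bool:
    """True for process command lines matching the SSH-propagation indicator."""
    return bool(SSH_NO_HOSTKEY.search(cmdline))


def docker_api_exposed(dockerd_cmdline: str) -> bool:
    """True if dockerd listens on TCP 2375 without TLS client verification."""
    return bool(DOCKER_TCP_2375.search(dockerd_cmdline)) and "--tlsverify" not in dockerd_cmdline


# Constructed sample: privileged DaemonSet whose pods mount the node root and
# wipe it, modelled on the behaviour described above (not the real manifest).
KAMIKAZE_DS = {
    "metadata": {"name": "host-provisioner-iran", "namespace": "kube-system"},
    "spec": {"template": {"spec": {
        "hostPID": True,
        "volumes": [{"name": "host", "hostPath": {"path": "/"}}],
        "containers": [{
            "name": "kamikaze", "image": "alpine",
            "securityContext": {"privileged": True},
            "volumeMounts": [{"name": "host", "mountPath": "/host"}],
            "command": ["sh", "-c"],
            "args": ["rm -rf /host/* ; reboot -f"],
        }],
    }}},
}

# Constructed sample: an ordinary log shipper that only reads /var/log.
BENIGN_DS = {
    "metadata": {"name": "fluent-bit", "namespace": "logging"},
    "spec": {"template": {"spec": {
        "volumes": [{"name": "varlog", "hostPath": {"path": "/var/log"}}],
        "containers": [{
            "name": "fluent-bit", "image": "fluent/fluent-bit",
            "volumeMounts": [{"name": "varlog", "mountPath": "/var/log", "readOnly": True}],
        }],
    }}},
}

if __name__ == "__main__":
    for ds in (KAMIKAZE_DS, BENIGN_DS):
        print(ds["metadata"]["name"], daemonset_findings(ds) or "clean")
    print(ssh_spread_indicator("ssh -o StrictHostKeyChecking=no root@10.0.0.7 'sh -s'"))
    print(docker_api_exposed("dockerd -H fd:// -H tcp://0.0.0.0:2375"))
```

The DaemonSet checks deliberately do not depend on the reported names: a renamed DaemonSet that is privileged, mounts the node root, and runs `rm -rf` or `reboot` still trips every other finding. Run `daemonset_findings` over the output of `kubectl get daemonsets -A -o json` and over process lists from the nodes themselves, since the SSH and Docker indicators live outside the Kubernetes API.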