‘CanisterWorm’ Springs Wiper Attack Targeting Iran
ID: 3fabf0da-0f3a-58b0-8ec5-842fc4a449c6
STIX ID: report--3fabf0da-0f3a-58b0-8ec5-842fc4a449c6
Feed Name: Krebs on Security
A financially motivated cybercriminal group, TeamPCP, has been running an automated, cloud-focused campaign that abused exposed control planes and supply-chain compromises (notably the Trivy and KICS GitHub Actions) to distribute credential-stealing malware and a self-propagating wiper, CanisterWorm, that targets systems localized to Iran. The group uses ICP canisters for resilient hosting, siphons cloud and Kubernetes credentials, and publicly extorts victims via Telegram.
