A new campaign believed to be orchestrated by the TeamPCP hacking group is targeting Kubernetes environments with a malicious script capable of wiping entire systems when the host's timezone and locale indicate Iran, according to researchers at application security firm Aikido.
The threat actor is thought to be behind the recent supply-chain compromise of the Trivy vulnerability scanner and the NPM-based "CanisterWorm" campaign that began on March 20. Researchers say the latest attack shares infrastructure with those earlier incidents, including similar command-and-control (C&C) servers and backdoor code, and the same /tmp/pglog drop path.
The malware analyses a system's timezone and locale and, if both indicate an Iranian environment, deploys a Kubernetes DaemonSet named "Host-provisioner-iran" in the kube-system namespace. The DaemonSet runs privileged containers that mount the host's root filesystem; its payload, an Alpine-based container dubbed "kamikaze," deletes the host's top-level directories and forces a reboot.
Non-Iranian Kubernetes environments are infected with a separate DaemonSet called "host-provisioner-std." Rather than destroying data, this variant installs a persistent Python backdoor, run as a systemd service, on every node.
On Iranian systems that do not run Kubernetes, the malware executes a direct file-wiping command (rm -rf / --no-preserve-root), first escalating to root via passwordless sudo if it is not already running with sufficient privileges. Systems that meet none of the targeting criteria are left untouched.
Aikido also identified an updated version of the malware that switches from Kubernetes-native propagation to SSH-based lateral movement. This variant scans authentication logs for valid credentials and leverages stolen private keys to spread across networks.
Key indicators of compromise include suspicious outbound SSH connections made with host key verification disabled (for example, via StrictHostKeyChecking=no), unauthorized access attempts to Docker Engine APIs exposed on TCP port 2375 (the unencrypted, unauthenticated default), and the presence of privileged Alpine containers with host filesystem mounts.
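The last indicator, a privileged container that mounts the host root filesystem, is one that defenders can hunt for directly in the API server's view of the cluster. The following script is an added example written for this article, not code from Aikido or from the campaign it describes: it takes the JSON that `kubectl get daemonsets -A -o json` emits and flags every container that is both privileged and mounts a hostPath volume pointing at "/". The embedded DaemonSet list is a constructed sample, and its names and images are illustrative; the real manifests' field values are not reproduced here.

```python
"""Hunt for DaemonSets whose pods run privileged containers with the host
root filesystem mounted, the pattern described in the Aikido report.

Reads `kubectl get daemonsets -A -o json` output from stdin when piped;
otherwise falls back to the constructed sample below so it runs offline.
"""
import json
import sys

# Constructed sample: one ordinary DaemonSet (read-only /proc mount, not
# privileged) and one matching the reported pattern (kube-system, privileged,
# hostPath "/" mounted into the container). Names and images are made up.
SAMPLE_DAEMONSETS = json.dumps({
    "apiVersion": "v1",
    "kind": "List",
    "items": [
        {
            "metadata": {"name": "node-exporter", "namespace": "monitoring"},
            "spec": {"template": {"spec": {
                "containers": [{
                    "name": "exporter",
                    "image": "prom/node-exporter:v1.8.0",
                    "securityContext": {"privileged": False},
                    "volumeMounts": [{"name": "proc", "mountPath": "/host/proc",
                                      "readOnly": True}],
                }],
                "volumes": [{"name": "proc", "hostPath": {"path": "/proc"}}],
            }}},
        },
        {
            # Hypothetical name; not the manifest from the campaign.
            "metadata": {"name": "host-provisioner-example",
                         "namespace": "kube-system"},
            "spec": {"template": {"spec": {
                "containers": [{
                    "name": "provisioner",
                    "image": "alpine:3.19",
                    "securityContext": {"privileged": True},
                    "volumeMounts": [{"name": "host", "mountPath": "/host"}],
                }],
                "volumes": [{"name": "host", "hostPath": {"path": "/"}}],
            }}},
        },
    ],
})


def host_root_mounts(pod_spec):
    """Return the names of volumes in a pod spec that are hostPath mounts of '/'."""
    return {
        v["name"] for v in pod_spec.get("volumes", [])
        if v.get("hostPath", {}).get("path") == "/"
    }


def find_suspicious_daemonsets(daemonset_list_json):
    """Return (namespace, daemonset, container, image) tuples for every
    container (including initContainers) that is privileged AND mounts a
    hostPath volume whose path is the host root."""
    findings = []
    for item in json.loads(daemonset_list_json)["items"]:
        meta = item["metadata"]
        pod_spec = item["spec"]["template"]["spec"]
        root_vols = host_root_mounts(pod_spec)
        containers = pod_spec.get("containers", []) + pod_spec.get("initContainers", [])
        for c in containers:
            privileged = c.get("securityContext", {}).get("privileged", False)
            mounts_root = any(m["name"] in root_vols for m in c.get("volumeMounts", []))
            if privileged and mounts_root:
                findings.append((meta["namespace"], meta["name"], c["name"], c["image"]))
    return findings


if __name__ == "__main__":
    # Use live cluster data when piped in, otherwise the constructed sample.
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DAEMONSETS
    for ns, ds, container, image in find_suspicious_daemonsets(data):
        print(f"SUSPICIOUS  {ns}/{ds}  container={container}  image={image}")
```

Against a live cluster, run `kubectl get daemonsets -A -o json | python3 hunt_ds.py`. The check deliberately keys on the combination of `privileged: true` and a hostPath of exactly "/", so legitimate agents that mount only `/proc` or `/var/log` read-only, as the sample's exporter does, are not reported; extend `host_root_mounts` if your environment treats other paths as equivalent to host root.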
In a separate report, JFrog's security research team has detailed previously unreported compromised package versions tied to the CanisterWorm npm supply chain attack.