What is CanisterWorm?

Self-spreading worm from TeamPCP using ICP canisters; wipes data on Iran time zones/locales via cloud exploits.

How does TeamPCP attack cloud services?

Automates exposed Docker, Kubernetes, Redis; steals creds, extorts; hit 97% Azure/AWS.

Is CanisterWorm a nation-state attack on Iran?

No — financially motivated crooks piggybacking tensions for data theft and show.

CanisterWorm: Cybercrooks Hijack Iran Tensions for Cloud Data Heists

A worm called CanisterWorm just lit up Iranian cloud setups, wiping data based on time zones and language. Behind it? TeamPCP, who own 97% of their hits on Azure and AWS misconfigs.

Threat Digest Apr 03, 2026 3 min read 17 views

Digital worm icon spreading through cloud servers with Iranian flag overlay

⚡ Key Takeaways

TeamPCP exploits cloud misconfigs in 97% Azure/AWS environments for automated breaches. 𝕏
CanisterWorm uses blockchain ICP canisters for resilient, takedown-proof delivery. 𝕏
Financially driven, not geopolitical; predicts escalation to broader ransomware waves. 𝕏

Published by

Threat Digest

Threat intelligence. Zero noise.

#CanisterWorm #TeamPCP #cloud exploits #cloud worm #wiper malware

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by Krebs on Security

⚡ Key Takeaways

The 60-Second TL;DR

Threat Digest

Share this article

Worth sharing?

Related Stories

TeamPCP's Ruthless Hijack of Security Scanners: 500K Machines, 300GB Stolen

Iranian Hackers Erase Stryker's Digital Lifeline: Medtech's Nightmare Begins

Iran's Hackers Swap Wipers for Identity Strikes

TeamPCP's Credential Blitz: AWS and Azure Fall in Hours, Not Days

Stay in the loop