A previously unknown hacking group, identified as TeamPCP, has been conducting a targeted campaign involving self-propagating malware that infects open-source software and wipes data from machines based in Iran. This group first emerged in December, when security researchers at Flare detected a worm targeting unsecured cloud-hosted platforms, aiming to establish a proxy and scanning infrastructure for compromising servers, exfiltrating data, and deploying ransomware. The malware's ability to spread and its specific targeting of Iranian machines suggest a calculated effort to disrupt operations within the region. Technical details of the malware, including its propagation mechanisms and data wiping capabilities, are still being analyzed. The campaign's focus on Iran-based machines underscores the importance of sector-specific risk assessment and operational resilience planning [1]. This highlights the need for organizations to prioritize proactive security measures to mitigate potential disruptions.