Relentless Malware Outbreak Infects Open Source Software, Targets Iran

A sophisticated hacking group called TeamPCP is using self-propagating malware to compromise servers, steal data, deploy ransomware, and mine cryptocurrency on a massive scale.
TeamPCP, a newly identified hacking group, has been running a persistent campaign built around a self-propagating, previously unseen backdoor. Curiously, the malware also carries a data-wiper component that activates specifically on Iranian machines.
The group first gained visibility in December 2022, when researchers at security firm Flare observed it unleashing a worm that targeted misconfigured, poorly secured cloud-hosted platforms. The objective was to build a distributed proxy and scanning infrastructure and then use it to compromise servers for data exfiltration, ransomware deployment, extortion, and cryptocurrency mining. TeamPCP is notable less for novel tradecraft than for its skill at automating well-known attack techniques and chaining them together at scale.
Source: Ars Technica
