A newly emerged hacking group has been rampaging across the Web in a persistent campaign that spreads a self-propagating, never-before-seen backdoor and, curiously, a data wiper that targets Iranian machines.
The group, tracked under the name TeamPCP, first gained visibility in December, when researchers from security firm Flare spotted it unleashing a worm that targeted cloud-hosted platforms that weren't properly secured. The goal was to build a distributed proxy and scanning infrastructure and then use it to compromise servers for exfiltrating data, deploying ransomware, conducting extortion, and mining cryptocurrency. The group is notable for its skill in large-scale automation and its integration of well-known attack techniques.
Relentless and continuously evolving
More recently, TeamPCP has waged a relentless campaign that uses constantly evolving malware to bring ever more systems under its control. Late last week, it compromised nearly all versions of the widely used Trivy vulnerability scanner in a supply-chain attack after gaining privileged access to the GitHub account of Aqua Security, the creator of Trivy.