BRIEF

Other · ActiveRisk: HighRegion: IranHub: Global IntelligenceBrief #00403Priority Score: 75Other · ActiveRisk: HighRegion: IranHub: Global IntelligenceBrief #00403Priority Score: 75

TeamPCP targeting Kubernetes clusters with Iran-specific wiper malware

HIGH RISK

BRIEF #00403

Other Iran Global Intelligence

TeamPCP targeting Kubernetes clusters with Iran-specific wiper malware

March 23, 2026 at 09:01 PM

Priority75

Technology · Cloud Infrastructure · Government

2.2

Always First

Executive Risk Brief

HIGH RISK

Incident Type

Other

Risk Level

High

Affected Sectors

Technology, Cloud Infrastructure, Government

Geographic Impact

Iran

Severity Index

75 / 100

ALERT

Immediate Enterprise Concern

Organizations with Kubernetes clusters operating in or connected to Iranian infrastructure face a high risk of total data destruction.

2.3

Incident Overview

What Happened

The hacking group TeamPCP has been observed deploying a wiper script within compromised Kubernetes clusters. The script performs a check on the system configuration to identify Iranian-based environments. Once identified, the malware executes commands to wipe the affected machines, leading to potential service disruption and data loss.

◆

2.4

Strategic Impact

Why It Matters

This incident highlights the increasing use of container orchestration platforms as primary targets for destructive cyber operations. The use of region-specific triggers suggests a targeted campaign that could escalate into broader infrastructure attacks. For enterprises, this underscores the necessity of securing Kubernetes control planes and monitoring for unauthorized script execution.

◆

2.5

Conditional Advisory

Citizen Safety Summary

Live Citizen Advisory · Iran

Other Safety Alert

Est. Reports Filed

Score 75

Active Since

Mar 23, 2026

Sectors Targeted

Technology, Cloud Infrastructure

This incident primarily affects corporate and government cloud infrastructure rather than individual consumer devices. However, if you are a developer or system administrator, ensure your cloud environments are properly secured and monitored for suspicious activity.

2.6

Operational Directives

QPulse Advisory Block

Immediate Action

Time-sensitive · Act now

Audit all Kubernetes clusters for unauthorized pods or scripts and restrict access to the API server.

Monitoring Recommendation

Detection & visibility

Monitor logs for unusual shell execution commands and unexpected outbound traffic from container nodes.

Preventive Control

Reduce attack surface

Implement strict Role-Based Access Control (RBAC) and enforce pod security policies to prevent unauthorized container execution.

Governance Consideration

Policy & compliance

Adopt a zero-trust architecture for container orchestration and ensure regular, immutable backups of critical cluster configurations.

QPulseIntelligence

Advisory purposes only · QPulse Security Intelligence Platform · 2026 · Brief #00403

2.2

Always First

Executive Risk Brief

HIGH RISK

Incident Type

Other

Risk Level

High

Affected Sectors

Technology, Cloud Infrastructure, Government

Geographic Impact

Iran

Severity Index

75 / 100

ALERT

Immediate Enterprise Concern

Organizations with Kubernetes clusters operating in or connected to Iranian infrastructure face a high risk of total data destruction.

2.3

Incident Overview

What Happened

◆

2.4

Strategic Impact

Why It Matters

◆

2.5

Conditional Advisory

Citizen Safety Summary

Live Citizen Advisory · Iran

Other Safety Alert

Est. Reports Filed

Score 75

Active Since

Mar 23, 2026

Sectors Targeted

Technology, Cloud Infrastructure

2.6

Operational Directives

QPulse Advisory Block

Immediate Action

Time-sensitive · Act now

Audit all Kubernetes clusters for unauthorized pods or scripts and restrict access to the API server.

Monitoring Recommendation

Detection & visibility

Monitor logs for unusual shell execution commands and unexpected outbound traffic from container nodes.

Preventive Control

Reduce attack surface

Implement strict Role-Based Access Control (RBAC) and enforce pod security policies to prevent unauthorized container execution.

Governance Consideration

Policy & compliance

Adopt a zero-trust architecture for container orchestration and ensure regular, immutable backups of critical cluster configurations.

QPulseIntelligence

Advisory purposes only · QPulse Security Intelligence Platform · 2026 · Brief #00403