TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Network
In late December 2025, cybersecurity experts identified a significant campaign targeting cloud-native environments. This operation, described as worm-driven, exploited vulnerabilities in exposed Docker APIs, Kubernetes clusters, Ray dashboards, and Redis servers. Notably, it leveraged the React2Shell vulnerability (CVE-2025-55182, CVSS score: 10.0). The campaign has been attributed to a threat group known as TeamPCP, also referred to as DeadCatx3, PCPcat, PersyPCP, and ShellForce.
TeamPCP has been active since at least November 2025, and its first known activity on Telegram dates back to July 30, 2025. Its Telegram channel, now boasting over 700 members, disseminates stolen data from victims across Canada, Serbia, South Korea, the U.A.E., and the U.S. The group’s operations were initially documented by Beelzebub in December 2025 under the moniker Operation PCPcat.
According to Flare security researcher Assaf Morag, the group’s objectives include building a distributed proxy and scanning infrastructure at scale, compromising servers to exfiltrate data, deploying ransomware, conducting extortion, and mining cryptocurrency.
TeamPCP operates as a cloud-native cybercrime platform, exploiting misconfigured Docker APIs, Kubernetes APIs, Ray dashboards, Redis servers, and vulnerable React/Next.js applications. These serve as primary infection vectors to breach modern cloud infrastructures, facilitating data theft and extortion. Additionally, the compromised infrastructure is repurposed for activities such as cryptocurrency mining, data hosting, and functioning as proxy and command-and-control (C2) relays.
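The infection vectors listed above are misconfigurations rather than software bugs, so the first line of defense is checking the configuration that exposes them. The following Python audit is an added example written for this article, not code from the report or from any TeamPCP tooling; it flags a Docker daemon whose API is published over TCP without TLS client verification and a Redis instance that listens on all interfaces with protected mode off and no password. The sample configurations are constructed for illustration, and the `CHANGE-ME-placeholder` password is a placeholder.

```python
"""Audit Docker daemon and Redis configuration for the exposure classes the
article names (constructed example; not from any real deployment)."""
from __future__ import annotations

from urllib.parse import urlsplit

ALL_INTERFACES = {"", "0.0.0.0", "*", "::"}


def audit_docker_daemon(config: dict) -> list[str]:
    """Return findings for a parsed /etc/docker/daemon.json dictionary.

    The daemon listens only on the local Unix socket unless "hosts" adds a
    tcp:// listener; a TCP listener without "tlsverify" accepts unauthenticated
    API calls (container creation with host mounts) from anyone who can reach it.
    """
    findings = []
    tls_verify = bool(config.get("tlsverify"))
    for host in config.get("hosts", []):
        if not host.startswith("tcp://"):
            continue
        bind = urlsplit(host).hostname or ""  # "" when the host part is empty
        if not tls_verify:
            findings.append(f"docker: tcp listener {host} without tlsverify (unauthenticated API)")
        if bind in ALL_INTERFACES:
            findings.append(f"docker: tcp listener {host} bound to all interfaces")
    return findings


def audit_redis_conf(text: str) -> list[str]:
    """Return findings for the text of a redis.conf.

    Redis with no "bind" directive listens on every interface; with
    protected-mode off and no requirepass it answers unauthenticated commands
    from the network (CONFIG SET / SAVE is the classic path to code execution).
    """
    directives: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        directives[key.lower()] = value.strip()

    findings = []
    # Absent "bind" means all interfaces; a leading "-" marks an optional address.
    bind_addrs = [a.lstrip("-") for a in directives.get("bind", "0.0.0.0").split()]
    if any(addr in ALL_INTERFACES for addr in bind_addrs):
        findings.append("redis: bound to all interfaces")
    if directives.get("protected-mode", "yes").lower() == "no":
        findings.append("redis: protected-mode disabled")
    if not directives.get("requirepass"):
        findings.append("redis: no requirepass set")
    return findings


# Constructed sample configurations (weak vs. hardened).
WEAK_DAEMON = {"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}
HARDENED_DAEMON = {
    "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
}
WEAK_REDIS = "bind 0.0.0.0\nprotected-mode no\nport 6379\n"
HARDENED_REDIS = "bind 127.0.0.1 -::1\nprotected-mode yes\nrequirepass CHANGE-ME-placeholder\n"

if __name__ == "__main__":
    for label, result in [
        ("weak docker", audit_docker_daemon(WEAK_DAEMON)),
        ("hardened docker", audit_docker_daemon(HARDENED_DAEMON)),
        ("weak redis", audit_redis_conf(WEAK_REDIS)),
        ("hardened redis", audit_redis_conf(HARDENED_REDIS)),
    ]:
        print(label, "->", result or "clean")
```

Feed `audit_docker_daemon` the parsed contents of `/etc/docker/daemon.json` and `audit_redis_conf` the text of `redis.conf` on each host; a clean result on both does not replace network-level restriction of the Docker and Redis ports, but it removes the configuration that this campaign relies on.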
Rather than developing new attack methods, TeamPCP relies on existing tools, known vulnerabilities, and common misconfigurations. This approach automates and industrializes their exploitation process, transforming exposed infrastructures into a self-propagating criminal ecosystem.
Upon successful exploitation, the group deploys next-stage payloads from external servers. These include shell and Python-based scripts designed to identify new targets for further expansion. A key component, proxy.sh, installs proxy, peer-to-peer (P2P), and tunneling utilities, and deploys various scanners to continuously search the internet for vulnerable and misconfigured servers.
Notably, proxy.sh performs environment fingerprinting during execution. If it detects a Kubernetes environment, the script follows a separate execution path, deploying a cluster-specific secondary payload. This indicates that TeamPCP maintains distinct tools and methods for cloud-native targets, rather than relying solely on generic Linux malware.
Other payloads include scanner.py, designed to find misconfigured Docker APIs and Ray dashboards by downloading Classless Inter-Domain Routing (CIDR) lists from a GitHub account named DeadCatx3. It also features options to run a cryptocurrency miner (mine.sh). Another payload, kube.py, includes Kubernetes-specific functionality to harvest cluster credentials and discover resources such as pods and namespaces. It then drops proxy.sh into accessible pods for broader propagation and sets up a persistent backdoor by deploying a privileged pod on every node that mounts the host’s root directory.
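The persistence mechanism described for kube.py, a privileged pod on every node with the host root directory mounted, has a recognisable shape in the pod specification, which makes it a good hunting target. The following Python audit is an added example written for this article, not the payload's manifest or any code from the report; it walks Pod and workload manifests (Deployments, DaemonSets and similar, whose pod spec sits under `spec.template`) and flags containers that are privileged and mount a `hostPath` of `/`. The two sample manifests are constructed for illustration.

```python
"""Flag workloads matching the persistence pattern the article describes:
a privileged container with the node root filesystem mounted via hostPath.
Constructed example; the sample manifests are invented, not kube.py's own."""
from __future__ import annotations


def pod_spec(manifest: dict) -> dict:
    """Return the pod spec of a Pod, or of a workload embedding a pod template."""
    if manifest.get("kind") == "Pod":
        return manifest.get("spec", {})
    return manifest.get("spec", {}).get("template", {}).get("spec", {})


def audit_host_root_mount(manifest: dict) -> list[str]:
    """Return findings for one manifest (Pod, DaemonSet, Deployment, ...).

    A privileged container that mounts "/" from the host owns the node: it can
    write to the host filesystem, chroot into it, and survive pod deletion.
    """
    spec = pod_spec(manifest)
    meta = manifest.get("metadata", {})
    ident = f"{manifest.get('kind')}/{meta.get('namespace', 'default')}/{meta.get('name')}"

    # Volumes whose hostPath is the root of the node filesystem ("/" or "//").
    root_volumes = {
        v.get("name")
        for v in spec.get("volumes", [])
        if v.get("hostPath", {}).get("path", "").rstrip("/") == ""
        and "hostPath" in v
    }

    findings = []
    for container in spec.get("containers", []) + spec.get("initContainers", []):
        name = container.get("name", "<unnamed>")
        privileged = bool(container.get("securityContext", {}).get("privileged"))
        root_mounts = [m for m in container.get("volumeMounts", []) if m.get("name") in root_volumes]
        if privileged and root_mounts:
            findings.append(
                f"{ident}: container {name} is privileged and mounts host / at "
                f"{root_mounts[0].get('mountPath')}"
            )
        elif privileged:
            findings.append(f"{ident}: container {name} is privileged")
        elif root_mounts:
            findings.append(f"{ident}: container {name} mounts host / (unprivileged)")
    if findings and manifest.get("kind") == "DaemonSet":
        findings.append(f"{ident}: DaemonSet places this container on every node")
    return findings


# Constructed manifest resembling the described backdoor: privileged, host root mounted, one per node.
SUSPECT_DAEMONSET = {
    "kind": "DaemonSet",
    "metadata": {"name": "node-agent", "namespace": "kube-system"},
    "spec": {"template": {"spec": {
        "volumes": [{"name": "host", "hostPath": {"path": "/"}}],
        "containers": [{
            "name": "agent",
            "image": "alpine:3.19",  # placeholder image
            "securityContext": {"privileged": True},
            "volumeMounts": [{"name": "host", "mountPath": "/host"}],
        }],
    }}},
}

# Constructed benign log shipper: unprivileged, read-only mount of a sub-path only.
BENIGN_POD = {
    "kind": "Pod",
    "metadata": {"name": "log-shipper", "namespace": "logging"},
    "spec": {
        "volumes": [{"name": "logs", "hostPath": {"path": "/var/log"}}],
        "containers": [{
            "name": "shipper",
            "image": "alpine:3.19",  # placeholder image
            "volumeMounts": [{"name": "logs", "mountPath": "/var/log", "readOnly": True}],
        }],
    },
}

if __name__ == "__main__":
    for m in (SUSPECT_DAEMONSET, BENIGN_POD):
        print(audit_host_root_mount(m) or f"{m['kind']}/{m['metadata']['name']}: clean")
```

To run this across a live cluster, pass each element of the `items` array from `kubectl get pods,daemonsets,deployments -A -o json` to `audit_host_root_mount`; a Pod Security Admission policy at the `restricted` or `baseline` level rejects the privileged-plus-hostPath combination outright, which is the preventive counterpart to this detection.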
The emergence of TeamPCP underscores the evolving threat landscape in cloud security. Organizations are urged to secure their cloud environments by addressing misconfigurations, applying patches promptly, and implementing robust monitoring to detect and mitigate such sophisticated attacks.