Krebs on Security is a cybersecurity blog authored by Brian Krebs, an investigative journalist and cybersecurity expert. With a focus on cybercrime, hacking incidents, and data breaches, Krebs on Security provides  analysis, investigative reporting, and security research on emerging threats and cybersecurity trends. Developers and security professionals can learn about the latest cybersecurity threats, security best practices, and incident response strategies from Krebs' investigative reporting and expert analysis.

Krebs on Security

A cybercrime group called TeamPCP has deployed a wiper worm dubbed CanisterWorm that targets cloud infrastructure and destroys data on systems configured with Iran's timezone or Farsi locale. The group previously compromised Aqua Security's Trivy vulnerability scanner via a GitHub Actions supply chain attack, stealing SSH keys, cloud credentials, Kubernetes tokens, and crypto wallets. TeamPCP uses Internet Computer Protocol (ICP) blockchain canisters to orchestrate attacks, making their infrastructure resistant to takedown. The wiper, if it detects an Iranian environment with Kubernetes access, destroys data across all cluster nodes. Security researchers note the group is financially motivated but appears to be using the Iran-targeting angle partly for notoriety, and experts warn that GitHub's malware problem is growing as supply chain attacks increase in frequency.

‘CanisterWorm’ Springs Wiper Attack Targeting Iran – Krebs on Security