TeamPCP, also known as PCPcat or ShellForce, is a cybercrime group that launched a massive worm-like campaign in late 2025, specifically targeting cloud-native environments like exposed Docker APIs, Kubernetes clusters, Ray dashboards, Redis servers, and React/Next.js apps vulnerable to React2Shell (CVE-2025-29927). Unlike traditional ransomware that hits endpoints or file servers, TeamPCP builds a self-propagating infrastructure botnet, turning compromised cloud workloads into scanners, proxies, and data thieves that spread across entire clusters. This “cloud-first” approach industrializes common misconfigurations into a full criminal ecosystem for crypto mining, tunneling, extortion and data leaks via Telegram channels.
The operation kicks off with automated scanners pulling massive IP lists to hunt for unauthenticated management interfaces, then deploys persistent containers or DaemonSets that fingerprint the environment (for example, detecting Kubernetes) before dropping specialized payloads. Scripts such as proxy.sh install tools including FRPS for proxying, XMRig for mining and Sliver for C2, while kube.py escalates by hopping into every pod and mounting host filesystems for backdoor access. What sets TeamPCP apart is this integration: no novel zero-days are needed, just scaled automation that pivots from one exposed API to cluster-wide control, blending resource hijacking with real data exfiltration from the e-commerce, finance and HR sectors, mostly on Azure (61%) and AWS (36%).
Operationally, TeamPCP functions much like a worm-driven cloud exploitation ecosystem. Its tooling automatically scans large IP ranges for exposed control planes, abuses unauthenticated interfaces to deploy malicious containers or jobs, and establishes persistence via auto-restarting services. Rather than focusing on individual endpoints, this campaign weaponizes orchestration layers, the components responsible for managing containers and clusters, turning once-trusted infrastructure into a self-propagating criminal asset.
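The cluster-side behaviour described above (DaemonSets pushed to every node, privileged pods, host namespaces, host filesystem mounts) leaves traces in the workload specs themselves. The following is an added detection example written for this page; it is not code from TeamPCP, Flare or SuperPRO. It audits workload objects in the shape `kubectl get pods,daemonsets,deployments,jobs -A -o json` returns; the allow-list of trusted namespaces, the sensitive host-path set and the sample objects are this example's own assumptions.

```python
"""Audit Kubernetes workload specs for the cluster-takeover traits
described above: DaemonSets outside trusted namespaces, privileged
containers, host PID/network namespaces, and hostPath mounts that
expose the node filesystem."""
import json

# Hypothetical allow-list: namespaces where privileged DaemonSets are expected.
TRUSTED_NAMESPACES = {"kube-system", "monitoring"}
# Host paths whose mounting gives a pod effective control of the node.
SENSITIVE_HOST_PATHS = ("/", "/etc", "/root", "/var/lib/kubelet", "/var/run/docker.sock")


def _under(path: str, root: str) -> bool:
    """True if `path` equals `root` or lies beneath it ("/" matches only itself)."""
    if root == "/":
        return path == "/"
    return path == root or path.startswith(root + "/")


def pod_spec(obj: dict) -> dict:
    """Return the pod spec of a bare Pod or of a controller's pod template."""
    if obj.get("kind") == "Pod":
        return obj.get("spec", {})
    return obj.get("spec", {}).get("template", {}).get("spec", {})


def audit_workload(obj: dict) -> list:
    """Return human-readable findings for one workload object."""
    kind = obj.get("kind", "?")
    meta = obj.get("metadata", {})
    ns = meta.get("namespace", "default")
    label = f"{kind}/{ns}/{meta.get('name', '?')}"
    spec = pod_spec(obj)
    findings = []
    if kind == "DaemonSet" and ns not in TRUSTED_NAMESPACES:
        findings.append(f"{label}: DaemonSet outside trusted namespaces (runs on every node)")
    if spec.get("hostPID"):
        findings.append(f"{label}: hostPID enabled")
    if spec.get("hostNetwork"):
        findings.append(f"{label}: hostNetwork enabled")
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        if c.get("securityContext", {}).get("privileged"):
            findings.append(f"{label}: container {c.get('name')} is privileged")
    for v in spec.get("volumes", []):
        path = (v.get("hostPath") or {}).get("path")
        if path and any(_under(path, root) for root in SENSITIVE_HOST_PATHS):
            findings.append(f"{label}: hostPath volume {v.get('name')} exposes {path}")
    return findings


def audit_cluster(items: list) -> list:
    """Flatten findings across every workload in a kubectl List response."""
    return [f for obj in items for f in audit_workload(obj)]


# Constructed sample shaped like a kubectl List response; not real cluster data.
SAMPLE_ITEMS = json.loads("""
{"items": [
  {"kind": "DaemonSet", "metadata": {"name": "node-agent", "namespace": "default"},
   "spec": {"template": {"spec": {
     "hostPID": true,
     "containers": [{"name": "agent", "image": "docker.io/example/agent:latest",
                     "securityContext": {"privileged": true}}],
     "volumes": [{"name": "hostroot", "hostPath": {"path": "/"}}]}}}},
  {"kind": "Deployment", "metadata": {"name": "web", "namespace": "shop"},
   "spec": {"template": {"spec": {
     "containers": [{"name": "web", "image": "registry.example.internal/shop/web:1.4"}],
     "volumes": [{"name": "tmp", "emptyDir": {}}]}}}},
  {"kind": "Pod", "metadata": {"name": "debug", "namespace": "shop"},
   "spec": {"containers": [{"name": "sh", "image": "busybox"}],
            "volumes": [{"name": "dock", "hostPath": {"path": "/var/run/docker.sock"}}]}}
]}
""")["items"]

if __name__ == "__main__":
    for finding in audit_cluster(SAMPLE_ITEMS):
        print(finding)
```

Run it periodically against a fresh `-o json` dump, or wire the same checks into an admission policy so a DaemonSet with `hostPID` and a `/` hostPath is rejected before it ever schedules. A benign node agent in `kube-system` passes; the constructed `default/node-agent` DaemonSet trips four checks at once, which is the combination that turns one exposed API into node-level control.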
Severity:
High
Attack Surface:
Cloud Service, Infrastructure, System Management Service
Tactics:
Command and Control, Credential Access, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation
Techniques:
T1190 – Exploit Public-Facing Application
T1133 – External Remote Services
T1059 – Command and Scripting Interpreter
T1609 – Container Administration Command
T1053.003 – Scheduled Task / Cron
T1525 – Implant Internal Image
T1610 – Deploy Container
T1611 – Escape to Host
T1068 – Exploitation for Privilege Escalation
T1552.001 – Credentials in Files
T1528 – Steal Application Access Token
T1087 – Account Discovery
T1613 – Container and Resource Discovery
T1046 – Network Service Discovery
T1021 – Remote Services
T1090 – Proxy
T1071 – Application Layer Protocols
T1573 – Encrypted Channel
T1041 – Exfiltration Over C2 Channel
T1567 – Exfiltration to Web Services
T1496 – Resource Hijacking
T1486 – Data Encrypted for Impact
T1565 – Data Manipulation
T1490 – Inhibit System Recovery
Indicators of Compromise:
https://otx.alienvault.com/pulse/698aad6994794d09bc017175
References:
1. https://flare.io/learn/resources/blog/teampcp-cloud-native-ransomware
SuperPRO’s Threat Countermeasures Procedures:
1. Disable unauthenticated access to Docker Remote API (TCP 2375/2376)
2. Restrict Kubernetes API server exposure using IP allow-lists and RBAC
3. Patch Ray Dashboard RCE (React2Shell) by upgrading Ray to ≥ v2.9.3
4. Enforce authentication on Redis instances (bind to localhost or VPC only)
5. Rotate exposed cloud credentials and service account tokens
6. Monitor for unauthorized container deployments and auto-restart jobs
7. Block outbound connections to known proxy and cryptomining pools
8. Audit cloud workloads for persistence mechanisms (cron jobs, systemd services, Kubernetes DaemonSets)
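Countermeasures 1 and 4 above can be verified from configuration alone. The following is an added example, not SuperPRO's or Flare's code: it parses Docker's daemon.json and a redis.conf and reports the weak settings the two countermeasures target, with a weak and a hardened sample of each constructed inline. The severity wording and the decision to treat any TCP listener without `tlsverify` as a finding are this example's own choices; Redis ACL `user` directives are not examined here.

```python
"""Static checks for the Docker Remote API and Redis hardening steps above."""
import json

# Listener addresses that mean "every interface".
ALL_INTERFACES = {"", "0.0.0.0", "[::]", "::", "*", "::*"}


def audit_docker_daemon(daemon_json: str) -> list:
    """Flag Docker Remote API TCP listeners that lack TLS client authentication."""
    cfg = json.loads(daemon_json)
    findings = []
    for h in cfg.get("hosts", []):
        if not h.startswith("tcp://"):
            continue  # unix:// and fd:// sockets are local-only
        host = h[len("tcp://"):].rsplit(":", 1)[0]
        if not cfg.get("tlsverify"):
            scope = "all interfaces" if host in ALL_INTERFACES else host
            findings.append(f"docker: Remote API on {h} ({scope}) without tlsverify")
    return findings


def parse_redis_conf(text: str) -> dict:
    """Map each directive to the list of argument strings seen for it, skipping comments."""
    directives = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, rest = line.partition(" ")
        directives.setdefault(key.lower(), []).append(rest.strip())
    return directives


def audit_redis_conf(text: str) -> list:
    """Flag Redis instances reachable from all interfaces or running without a password."""
    d = parse_redis_conf(text)
    findings = []
    # Last `bind` wins; a leading '-' marks an optional address in Redis 7 syntax.
    bind = d.get("bind", [""])[-1].split()
    exposed = not bind or any(b.lstrip("-") in ALL_INTERFACES for b in bind)
    has_password = bool(d.get("requirepass", [""])[-1])
    if d.get("protected-mode", ["yes"])[-1].lower() == "no":
        findings.append("redis: protected-mode disabled")
    if exposed and not has_password:
        findings.append("redis: listens on all interfaces without requirepass")
    elif exposed:
        findings.append("redis: listens on all interfaces (bind to localhost or VPC only)")
    return findings


# Constructed samples; the hardened password is a placeholder, not a real secret.
WEAK_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
HARDENED_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})
WEAK_REDIS_CONF = """# constructed weak configuration
bind 0.0.0.0
protected-mode no
port 6379
"""
HARDENED_REDIS_CONF = """# constructed hardened configuration
bind 127.0.0.1 -::1
protected-mode yes
port 6379
requirepass PLACEHOLDER_STRONG_PASSWORD
"""

if __name__ == "__main__":
    for name, result in [
        ("weak daemon.json", audit_docker_daemon(WEAK_DAEMON_JSON)),
        ("hardened daemon.json", audit_docker_daemon(HARDENED_DAEMON_JSON)),
        ("weak redis.conf", audit_redis_conf(WEAK_REDIS_CONF)),
        ("hardened redis.conf", audit_redis_conf(HARDENED_REDIS_CONF)),
    ]:
        print(name, "->", result or ["ok"])
```

Feed the functions the real files (`/etc/docker/daemon.json`, `/etc/redis/redis.conf`) from a host inventory job; an empty result for both is the state countermeasures 1 and 4 describe, and anything else is a host that the scanners in this campaign would find first.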
Contributed by: Thivya