A threat actor is systematically targeting misconfigured and exposed cloud management services and control interfaces to hijack infrastructure, expand its operations, and monetize compromised systems in multiple ways.
The campaign appears to have started in late December and has already compromised at least 60,000 servers worldwide via a worm-like attack where each infected system scans for and infects the next vulnerable target. According to an analysis published this week by cybersecurity firm Flare, the operation, tracked as TeamPCP and operating under several aliases including PCPcat and ShellForce, represents a troubling evolution in cloud-native cybercrime.
“TeamPCP’s strength does not come from novel exploits or original malware, but from the large-scale automation and integration of well-known attack techniques,” Flare researcher Assaf Morag wrote in a recent blog post. “The group industrializes existing vulnerabilities, misconfigurations, and recycled tooling into a cloud-native exploitation platform that turns exposed infrastructure into a self-propagating criminal ecosystem.”
TeamPCP’s Large Scale Automation
The threat actor’s playbook involves scanning broad IP ranges for exposed Docker APIs, Kubernetes clusters, Redis servers, Ray dashboards, and systems containing the widely abused React2Shell vulnerability in React Server Components. Once it gains access to a system, TeamPCP deploys malicious Python and Shell scripts that pull down additional payloads to install proxies, tunneling software, and components that enable persistence even after server reboots.
Flare observed the attackers using a dedicated Kubernetes script (kube.py) to harvest credentials and to push malicious containers across all accessible pods using administrative-level APIs. The approach, according to Morag, lets the threat actor turn an initial foothold into cluster-wide control.
“This effectively converts the entire cluster into a self-propagating scanning fabric,” Morag noted. The script for exploiting the infamous React2Shell vulnerability, tracked as CVE-2025-29927, allows the attackers to run remote commands on vulnerable applications and to siphon out sensitive data, environments and cloud credentials.
More than 60% of the attacks that Flare analyzed involved cloud infrastructure hosted on Azure; 37% were AWS-hosted. TeamPCP has also been actively targeting servers in Google and Oracle cloud environments.
Multiple Revenue Streams
TeamPCP has been monetizing its attacks in multiple ways. Flare found the threat actor using compromised systems for cryptomining; selling them to other criminals for use as proxy access; leveraging them for additional scanning and exploitation; and using them to host command-and-control infrastructure for ransomware operations.
The multipurpose approach ensures that TeamPCP has multiple revenue streams from each system it infects because “every compromised system becomes a scanner, a proxy, a miner, a data exfiltration node, and a launchpad for further attacks,” Morag said. “Kubernetes clusters are not merely breached; they are converted into distributed botnets.”
Beyond monetizing stolen compute resources, Flare found TeamPCP also pursuing revenue through traditional data theft and extortion. In multiple intrusions, researchers at the company observed the group publishing stolen identity records, corporate data, and résumé databases through a data-leak site operated by an affiliated threat group, ShellForce.
Samples of the stolen documents that Flare reviewed showed them to contain full names, national identification numbers, residential addresses, phone numbers, employment and business records, and detailed job application materials. One notable breach involved JobsGO, a recruitment platform in Vietnam, where TeamPCP exfiltrated more than two million records containing detailed personal and professional information on job candidates.
For the most part, the stolen data is not as high value or as immediately monetizable in underground markets as credit card data and bank login information, Morag pointed out. Rather, it is the kind of data an adversary would find useful in a phishing attack, an impersonation attack, or an account takeover. Most of the victims of its campaigns are located in South Korea, Canada, the United States, Serbia, and the United Arab Emirates.
A Dangerous Threat to Cloud Environments
TeamPCP’s Telegram channel, which the threat actor has been using both for reputation boosting and for sharing updates about its activities, boasts about 700 members and appears to have launched in November. However, the group has made claims about “rebranding” its operations that hint it may have been operating under another alias even before, Morag said.
What’s perhaps most concerning about TeamPCP is how unremarkable its techniques really are, according to Morag. Far from writing its own malicious code, TeamPCP has mostly been using copied, lightly modified, and/or AI-assisted code for its scanning and exploit activities. All of the vulnerabilities and cloud misconfigurations that the group has been exploiting are also well documented, meaning TeamPCP is not inventing new attack methods but simply industrializing old ones with remarkable effectiveness, Morag said.
“As long as organizations continue to expose orchestration APIs, leak secrets in .env files, and deploy cloud services without strong security boundaries, actors like TeamPCP will continue to turn the world’s computer fabric into their own criminal infrastructure,” he noted.
Defending against threats like TeamPCP requires organizations to pay attention to cloud security fundamentals, Flare said. That means securing cloud control planes with proper authentication, network segmentation, and least-privilege access policies. Organizations must also implement runtime security monitoring capable of detecting unexpected container deployments, unusual network connections, and behavioral anomalies that signal compromise, the security vendor said.
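As an added illustration of the monitoring Flare recommends (this is example code written for this article, not Flare's tooling or anything from the report), the following scans Kubernetes API-server audit events for the pattern described above: one identity reading secrets cluster-wide, then creating unapproved or privileged pods across many namespaces from an address outside the expected network. The allow-listed registry, internal IP range, fan-out threshold and the audit lines themselves are constructed assumptions.

```python
import ipaddress
import json
from collections import defaultdict

# Assumed policy values (not from the article); tune to the cluster being monitored.
ALLOWED_REGISTRIES = ("registry.internal/",)          # approved image sources
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # where API clients are expected
FANOUT_THRESHOLD = 3  # pod creates in this many namespaces by one identity is suspicious
# Constructed sample audit events (one JSON object per line); not real data.
SAMPLE_AUDIT_LOG = """\
{"verb":"create","user":{"username":"system:serviceaccount:kube-system:deployment-controller"},"objectRef":{"resource":"pods","namespace":"prod"},"requestObject":{"spec":{"containers":[{"image":"registry.internal/app:1.4"}]}},"sourceIPs":["10.0.1.5"]}
{"verb":"list","user":{"username":"system:serviceaccount:default:default"},"objectRef":{"resource":"secrets"},"sourceIPs":["203.0.113.7"]}
{"verb":"create","user":{"username":"system:serviceaccount:default:default"},"objectRef":{"resource":"pods","namespace":"default"},"requestObject":{"spec":{"hostNetwork":true,"containers":[{"image":"docker.io/library/alpine:latest","securityContext":{"privileged":true}}]}},"sourceIPs":["203.0.113.7"]}
{"verb":"create","user":{"username":"system:serviceaccount:default:default"},"objectRef":{"resource":"pods","namespace":"prod"},"requestObject":{"spec":{"containers":[{"image":"docker.io/library/alpine:latest"}]}},"sourceIPs":["203.0.113.7"]}
{"verb":"create","user":{"username":"system:serviceaccount:default:default"},"objectRef":{"resource":"pods","namespace":"monitoring"},"requestObject":{"spec":{"containers":[{"image":"docker.io/library/alpine:latest"}]}},"sourceIPs":["203.0.113.7"]}
"""

def event_findings(ev):
    """Per-event checks: off-network caller, unapproved image, host/privileged access, secret sweeps."""
    findings = []
    ref = ev.get("objectRef", {})
    for ip in ev.get("sourceIPs", []):
        if not any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS):
            findings.append(f"caller outside internal range: {ip}")
    if ev.get("verb") == "create" and ref.get("resource") == "pods":
        spec = ev.get("requestObject", {}).get("spec", {})
        if spec.get("hostNetwork") or spec.get("hostPID"):
            findings.append("pod requests host namespaces")
        for c in spec.get("containers", []):
            if not c.get("image", "").startswith(ALLOWED_REGISTRIES):
                findings.append(f"image outside allow-list: {c.get('image')}")
            if c.get("securityContext", {}).get("privileged"):
                findings.append("privileged container")
    if ref.get("resource") == "secrets" and ev.get("verb") in ("list", "get") and not ref.get("namespace"):
        findings.append("cluster-wide secrets read")
    return findings

def scan_audit_log(text):
    """Map each identity to its findings, adding a cross-namespace fan-out check."""
    alerts, namespaces_touched = defaultdict(list), defaultdict(set)
    for line in filter(str.strip, text.splitlines()):
        ev = json.loads(line)
        user = ev.get("user", {}).get("username", "?")
        alerts[user].extend(event_findings(ev))
        if ev.get("verb") == "create" and ev.get("objectRef", {}).get("resource") == "pods":
            namespaces_touched[user].add(ev["objectRef"].get("namespace", ""))
    for user, nss in namespaces_touched.items():
        if len(nss) >= FANOUT_THRESHOLD:
            alerts[user].append(f"pod creation fanned out across {len(nss)} namespaces")
    return {u: f for u, f in alerts.items() if f}
```

On the sample log the legitimate deployment-controller produces no findings, while the default service account accumulates the off-network, secrets-sweep, privileged-pod, unapproved-image and fan-out findings that together describe a cluster being turned into a scanning fabric.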