Emerging Threat Actor TeamPCP Exploits Cloud Misconfigurations to Power a New Wave of Cloud-Native Ransomware Attacks

CyberDefender 10 mins0

In late 2025, a previously unknown threat actor calling itself TeamPCP — also associated with names like PCPcat, ShellForce, PersyPCP, and DeadCatx3 — emerged as a significant player in the ransomware and cloud compromise landscape. Rather than targeting traditional endpoints such as individual user devices or corporate desktops, TeamPCP’s campaign focuses on cloud-native infrastructure, exploiting exposed orchestration interfaces and misconfigurations to automate large-scale compromise and monetization.

This article examines TeamPCP’s operational model, attack chain, tooling, persistence strategies, and implications for modern security teams defending cloud environments.

The Cloud-Native Threat Model

TeamPCP’s distinguishing characteristic is its cloud-first approach. Instead of conventional ransomware installers, the group weaponizes exposed control planes, chiefly:

  • Docker Remote APIs
  • Kubernetes APIs and control plane interfaces
  • Ray distributed compute dashboards
  • Redis database endpoints
  • React/Next.js server vulnerabilities (notably CVE-2025-29927, aka React2Shell)

These interfaces are often left exposed without authentication or proper network restrictions, forming a broad and high-value attack surface on public cloud providers — predominantly Azure and AWS, which together account for the majority of compromised infrastructure observed.

By exploiting these exposed services at scale, TeamPCP can establish initial footholds and then pivot laterally across clusters, turning misconfigured orchestration endpoints into a self-propagating infrastructure botnet.

The PCPcat Campaign: A Case Study in Automated Exploitation

The first widely observed operation under the TeamPCP banner was the PCPcat campaign in December 2025. Its behavior combines broad scanning, automatic exploitation, persistence, and exploitation of cloud resources for illicit monetization.

Initial Reconnaissance and Exploitation

TeamPCP’s workflow begins with aggressive scanning across large IP ranges for accessible APIs:

  1. Docker Remote API Abuse
    • Unauthenticated Docker endpoints are probed.
    • Once found, attackers remotely launch a container that fetches and executes a bootstrap script, proxy.sh.
    • This hands-off execution requires no credentials because the API is exposed without authorization.
  2. Misconfigured Ray and Redis Targets
    • Ray dashboards (used for distributed computing) and Redis servers are scanned and, when vulnerable, exploited to execute commands or drop payloads.
    • Scanners like teampcp.py systematically enumerate these endpoints and deploy payloads automatically.
  3. React2Shell Vulnerability Exploitation
    • A dedicated module (react.py) automates exploitation of CVE-2025-29927 to trigger remote execution on Next.js servers.
    • Successful exploitation includes harvesting sensitive environment data and attempting further payload deployment.

Advanced Lateral Movement and Persistence

Upon securing initial access, TeamPCP escalates its control using tailored scripts designed for the cloud environment:

Proxy and Scanning Engine (proxy.sh)

The central payload script serves as the hub of operations:

  • Installs tunneling and proxy utilities
    Tools like frps and gost are dropped to establish proxy or peer-to-peer networking capabilities.
  • Self-Maintains Across Reboots
    By registering itself as a persistent service, the script ensures continuity of operations even if minor remediation occurs.
  • Environment Fingerprinting
    The script detects if it’s running inside a Kubernetes cluster and selectively deploys additional payloads (e.g., kube.py) designed for that environment.

Cluster Compromise (kube.py)

In Kubernetes environments, TeamPCP executes a systematic lateral spread:

  • Enumerates all namespaces and accessible pods.
  • Uses API-like remote exec calls (kubectl exec-style) to run the initial payload (proxy.sh) inside each container.
  • Deploys a privileged DaemonSet that gains access to the host network and filesystem, establishing a persistent backdoor across the entire cluster.

This integration transforms the compromised cluster from a single exploited node into a distributed scanning and exploitation fabric — allowing further propagation and resilience against partial remediation.

Monetization and Long-Term Abuse

While traditional ransomware encrypts data and demands payment, TeamPCP’s monetization strategy blends multiple revenue channels:

  • Cryptomining (e.g., XMRig)
    Binary miners are deployed to extract cryptocurrency from compromised servers.
  • Proxy and Tunneling Services
    Compromised infrastructure is repurposed to support proxy networks, potentially for VPN-style resale or abuse.
  • Command and Control (C2) via Sliver
    Evidence from telemetry links use of the open-source Sliver C2 framework to maintain control and orchestrate remote tasks on compromised assets.
  • Data Harvesting & Extortion
    Stolen data is sometimes published on underground platforms and Telegram channels under monikers like “ShellForce”, serving both extortion goals and reputation building in cybercriminal communities.

This hybrid model blends cloud compromise, illicit infrastructure resale, mining, and data theft, making TeamPCP’s operations resemble a botnet plus ransomware plus access broker — all wrapped into one cloud-centric platform.

Technical Capabilities and Toolchain

TeamPCP’s code base includes a mix of custom Python and shell tooling plus reused open-source components:

  • Custom Scripts
    • proxy.sh — orchestrates persistence, proxies, scanners
    • teampcp.py — large-scale scanner and deployer
    • kube.py — Kubernetes exploitation and lateral spread
    • react.py — teams React2Shell exploitation and data theft
    • mine.sh — cryptominer bootstrapper
  • Third-Party Modules
    • Sliver — C2 framework
    • XMRig — cryptominer
    • FRPS, gost — tunneling/proxy tools
    • Redis and Ray exploit modules

TeamPCP scripts are structured to operate autonomously, handling discovery, exploitation, and persistence without real-time operator commands — a hallmark of worm-like propagation logic tailored for cloud service abuse.

Defensive Implications

TeamPCP’s rise underscores key defensive priorities for modern organizations:

Harden Exposed APIs

Cloud orchestration platforms and dashboards should never be exposed publicly without authentication, network access restrictions, and strict role-based access control (RBAC).

Runtime and Cluster Monitoring

Behavioral detection — such as unexpected DaemonSet creation, unusual remote exec operations, and unauthorized container launches — is critical, especially in Kubernetes environments.

Secrets and Environment Protection

Automated detection of exposed environment variables and credential leaks can stem lateral movement and misuse of privileged interfaces.

Threat Exposure Intelligence

Continuous monitoring of underground indicators — including leaked data dumps, cybercriminal channels, and automated scanning signatures — helps defenders anticipate emerging tactics like those employed by TeamPCP.

Conclusion

TeamPCP represents a new class of ransomware-adjacent threat actor: one that leverages cloud-native misconfiguration and exposed control planes to orchestrate widespread compromise at scale. By industrializing simple attack techniques — scanning, API abuse, persistent services, and reuse of third-party tooling — this group has created a cloud exploitation platform capable of self-propagation and diversified monetization.

Security teams must adapt their defensive postures accordingly, emphasizing API hardening, cluster visibility, and continuous threat intelligence, to combat not only traditional ransomware but also these emerging cloud-native threat operations.

CyberDefender