Flare, a cybersecurity company, has reported a new kind of large-scale initiative, the PCPcat campaign: a worm-like attack that exploits cloud-native environments to build a base for larger criminal operations. The group behind it, TeamPCP (also known as DeadCatx3, PCPcat, PersyPCP, and ShellForce), is an emerging threat actor first observed active at the end of December 2025.
What sets TeamPCP apart is its use of automation to chain known misconfigurations and vulnerabilities into a self-replicating ecosystem. That ecosystem yields thousands of compromised servers that serve as proxies, scanners, command-and-control relays, cryptocurrency mining nodes, data exfiltration points, and launch points for ransomware or extortion.
Attack vectors used to gain initial access include:
1. Exposed Docker APIs that let anyone manage containers without authentication.
2. Kubernetes APIs reachable with no login or with weak credential controls, abused to create scheduled jobs.
3. Unprotected Ray dashboards (Ray orchestrates machine learning and AI workloads).
4. Vulnerable Redis instances (no password, or reachable from the public internet).
5. A pre-authentication remote code execution flaw in React 19.x and Next.js, tracked as CVE-2025-55182 (CVSS 10): maliciously crafted HTTP requests can execute arbitrary commands without any authorization from the system administrator or user.
Once an attacker has gained access through one of these vectors, they deploy an orchestrator script called proxy.sh from an attacker-controlled server (for example, the attacker IP address 67.217.57.240) with the following capabilities:
1. Identifies the environment it is launched in (in particular, detecting Kubernetes via service account tokens)
2. Installs proxy/tunneling software (e.g., frp or GOST for a SOCKS5 reverse proxy)
3. Deploys additional scanners and miners
4. Establishes persistent services so the implant survives reboots of the host or hosting environment.
When it detects a Kubernetes cluster, it executes kube.py with the following capabilities:
1. Gather cluster credential information
2. Enumerate pods and namespaces through the Kubernetes API
3. Drop proxy.sh into any accessible pods to propagate itself
4. Deploy privileged DaemonSets that mount the host file system and persist across nodes (e.g., DaemonSet names may include system-monitor)
Other payloads include:
1. scanner.py - scans CIDR ranges (obtained from DeadCatx3's GitHub) for more Docker/Ray targets; can also trigger crypto mining
2. react.py - RCE exploits against React/Next.js (currently CVE-2025-29927, an older Next.js middleware bypass); the campaign's focus is React2Shell (a.k.a. Shell2React)
3. pcpcat.py - mass scanning of IP ranges and deployment of malicious containers/jobs carrying Base64-encoded payloads
The end goals are several different revenue streams, including:
1. Aggregating compromised hosts into large shared proxy networks that others use to remain anonymous online.
2. Exfiltrating sensitive data such as .env files, credentials, and databases, then either leaking it through Telegram channels with over 700 members or using it for extortion or ransomware attacks.
3. Installing cryptocurrency miners on compromised hosts.
4. Using compromised hosts as command-and-control relays (also seen alongside a Sliver-based C2 framework).
No single company was targeted; the many organizations affected were simply those that happened to be exposed. Countries heavily impacted include Canada, Serbia, South Korea, the UAE, and the United States.
According to Flare, TeamPCP is most dangerous because of its operational maturity: lightweight modifications of open-source tools, environment-aware payloads, and the mixing of compute exploitation with data theft give the operation resiliency and numerous avenues for revenue.
Defending against these attacks comes down to fundamental cloud security measures:
1. Restrict public exposure of Docker/K8s APIs, apply RBAC, and use network policies to secure control planes
2. Patch React/Next.js promptly (and stay current on RSC vulnerabilities).
3. Search for exposed Ray/Redis instances and put authentication and firewalling in front of them.
4. Watch for suspicious pod deployments using privileged containers, and for outbound proxying to unexpected or unauthorized destinations.
5. Enable runtime security for cloud-native threat detection (e.g., Falco/Sysdig).
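A defensive check that follows from item 4 above and from the privileged DaemonSets the article attributes to kube.py, as an added example that is not from the article, Flare, or the campaign's tooling: it parses the JSON that `kubectl get daemonsets -A -o json` returns and flags DaemonSets that are privileged, mount sensitive host paths, use the host PID/network namespaces, or carry the name fragment the article mentions. The sample manifests are constructed, and the sensitive-path list is an assumption beyond the article's "host file system".

```python
# Added example (not from the article or Flare): audit DaemonSet manifests as returned by
# "kubectl get daemonsets -A -o json" for traits the article attributes to kube.py's DaemonSets.
import json

SUSPECT_NAMES = ("system-monitor",)  # name fragment quoted in the article; extend as needed
# Host paths treated as sensitive (assumption: the article only says "host file system").
SENSITIVE_HOST_PATHS = ("/", "/root", "/etc", "/var/run/docker.sock")

def daemonset_findings(ds):
    """Return findings for one DaemonSet object: privileged containers, hostPath mounts of
    sensitive paths, host PID/network, or a suspicious name. Empty list means clean."""
    meta = ds.get("metadata", {})
    spec = ds.get("spec", {}).get("template", {}).get("spec", {})
    findings = []
    if any(s in meta.get("name", "") for s in SUSPECT_NAMES):
        findings.append("name matches known campaign artifact")
    for vol in spec.get("volumes", []):
        path = vol.get("hostPath", {}).get("path")
        if path in SENSITIVE_HOST_PATHS:
            findings.append(f"hostPath mount of {path}")
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        if c.get("securityContext", {}).get("privileged"):
            findings.append(f"privileged container {c.get('name')}")
    if spec.get("hostPID") or spec.get("hostNetwork"):
        findings.append("hostPID/hostNetwork enabled")
    return findings

def audit(ds_list_json):
    """Map 'namespace/name' to findings for every DaemonSet with at least one finding."""
    report = {}
    for ds in json.loads(ds_list_json).get("items", []):
        findings = daemonset_findings(ds)
        if findings:
            m = ds["metadata"]
            report[f"{m.get('namespace', 'default')}/{m['name']}"] = findings
    return report

# Constructed sample: a benign log shipper plus a DaemonSet shaped like the article's description.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "fluentd", "namespace": "logging"},
     "spec": {"template": {"spec": {"containers": [{"name": "fluentd"}],
              "volumes": [{"name": "logs", "hostPath": {"path": "/var/log"}}]}}}},
    {"metadata": {"name": "system-monitor", "namespace": "kube-system"},
     "spec": {"template": {"spec": {"hostPID": True,
              "containers": [{"name": "mon", "securityContext": {"privileged": True}}],
              "volumes": [{"name": "host", "hostPath": {"path": "/"}}]}}}},
]})
if __name__ == "__main__":
    for key, findings in audit(SAMPLE).items():
        print(key, "->", "; ".join(findings))
```

In a live cluster, pipe the kubectl output into `audit()` and review anything it reports against your change records; legitimate agents (log shippers, CNI plugins) do mount host paths, so the report is a triage list, not a verdict.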
Overall, this serves as a reminder that in cloud-native environments, an exposed API or unpatched web framework can create a self-replicating, organized criminal botnet literally overnight.
Source: The Hacker News
© 2016 - 2026 Red Secure Tech Ltd. Registered in England and Wales under Company Number: 15581067