{"id":2077,"date":"2026-03-23T16:01:38","date_gmt":"2026-03-23T16:01:38","guid":{"rendered":"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/23\/canisterworm-springs-wiper-attack-targeting-iran\/"},"modified":"2026-03-23T16:01:38","modified_gmt":"2026-03-23T16:01:38","slug":"canisterworm-springs-wiper-attack-targeting-iran","status":"publish","type":"post","link":"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/23\/canisterworm-springs-wiper-attack-targeting-iran\/","title":{"rendered":"\u2018CanisterWorm\u2019 Springs Wiper Attack Targeting Iran"},"content":{"rendered":"<div>\n<p>A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran\u2019s time zone or have Farsi set as the default language.<\/p>\n<p>Experts say the wiper campaign against Iran materialized this past weekend and came from a relatively new cybercrime group known as <strong>TeamPCP<\/strong>. In December 2025, the group began compromising corporate cloud environments using a self-propagating worm that went after exposed Docker APIs, Kubernetes clusters, Redis servers, and the React2Shell vulnerability. TeamPCP then attempted to move laterally through victim networks, siphoning authentication credentials and extorting victims over Telegram.<\/p>\n<div id=\"attachment_73375\" style=\"width: 979px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" aria-describedby=\"caption-attachment-73375\" decoding=\"async\" class=\"size-full wp-image-73375\" src=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/03\/aikido-iranwiper.png\" alt=\"\" width=\"969\" height=\"496\" srcset=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/03\/aikido-iranwiper.png 969w, https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/03\/aikido-iranwiper-768x393.png 768w, https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/03\/aikido-iranwiper-782x400.png 782w\" sizes=\"auto, (max-width: 969px) 100vw, 969px\"><\/p>\n<p id=\"caption-attachment-73375\" class=\"wp-caption-text\">A snippet of the malicious CanisterWorm that seeks out and destroys data on systems that match Iran\u2019s timezone or have Farsi as the default language. Image: Aikido.dev.<\/p>\n<\/div>\n<p>In a profile of TeamPCP published in January, the security firm <strong>Flare<\/strong>\u00a0said the group weaponizes exposed control planes rather than exploiting endpoints, predominantly targeting cloud infrastructure over end-user devices, with Azure (61%) and AWS (36%) accounting for 97% of compromised servers.<\/p>\n<p>\u201cTeamPCP\u2019s strength does not come from novel exploits or original malware, but from the large-scale automation and integration of well-known attack techniques,\u201d Flare\u2019s <strong>Assaf Morag<\/strong> <a href=\"https:\/\/flare.io\/learn\/resources\/blog\/teampcp-cloud-native-ransomware\" target=\"_blank\" rel=\"noopener\">wrote<\/a>. \u201cThe group industrializes existing vulnerabilities, misconfigurations, and recycled tooling into a cloud-native exploitation platform that turns exposed infrastructure into a self-propagating criminal ecosystem.\u201d<\/p>\n<p>On March 19, TeamPCP executed a supply chain attack against the vulnerability scanner <strong>Trivy<\/strong> from <strong>Aqua Security<\/strong>, injecting credential-stealing malware into official releases on GitHub actions. Aqua Security said it has since <a href=\"https:\/\/github.com\/aquasecurity\/trivy\/discussions\/10425\" target=\"_blank\" rel=\"noopener\">removed<\/a> the harmful files, but the security firm Wiz <a href=\"https:\/\/www.wiz.io\/blog\/trivy-compromised-teampcp-supply-chain-attack\" target=\"_blank\" rel=\"noopener\">notes<\/a> the attackers were able to publish malicious versions that snarfed SSH keys, cloud credentials, Kubernetes tokens and cryptocurrency wallets from users.<\/p>\n<p>Over the weekend, the same technical infrastructure TeamPCP used in the Trivy attack was leveraged to deploy a new malicious payload which executes a wiper attack if the user\u2019s timezone and locale are determined to correspond to Iran, said <strong>Charlie Eriksen<\/strong>, a security researcher at <strong>Aikido<\/strong>. In <a href=\"https:\/\/www.aikido.dev\/blog\/teampcp-stage-payload-canisterworm-iran\" target=\"_blank\" rel=\"noopener\">a blog post<\/a> published on Sunday, Eriksen\u00a0said if the wiper component detects that the victim is in Iran and has access to a Kubernetes cluster, it will destroy data on every node in that cluster.<\/p>\n<p>\u201cIf it doesn\u2019t it will just wipe the local machine,\u201d Eriksen told KrebsOnSecurity.<\/p>\n<div id=\"attachment_73374\" style=\"width: 985px\" class=\"wp-caption alignnone\"><img aria-describedby=\"caption-attachment-73374\" decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-73374\" src=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/03\/4paths1script.png\" alt=\"\" width=\"975\" height=\"568\" srcset=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/03\/4paths1script.png 975w, https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/03\/4paths1script-768x447.png 768w, https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/03\/4paths1script-782x456.png 782w\" sizes=\"auto, (max-width: 975px) 100vw, 975px\"><\/p>\n<p id=\"caption-attachment-73374\" class=\"wp-caption-text\">Image: Aikido.dev.<\/p>\n<\/div>\n<p><span id=\"more-73368\"><\/span>Aikido refers to TeamPCP\u2019s infrastructure as \u201c<strong>CanisterWorm<\/strong>\u201d because the group orchestrates their campaigns using an <a href=\"https:\/\/docs.internetcomputer.org\/building-apps\/essentials\/canisters\" target=\"_blank\" rel=\"noopener\">Internet Computer Protocol<\/a> (ICP) canister \u2014 a system of tamperproof, blockchain-based \u201csmart contracts\u201d that combine both code and data. ICP canisters can serve Web content directly to visitors, and their distributed architecture makes them resistant to takedown attempts. These canisters will remain reachable so long as their operators continue to pay virtual currency fees to keep them online.<\/p>\n<p>Eriksen said the people behind TeamPCP are bragging about their exploits in a group on Telegram and claim to have used the worm to steal vast amounts of sensitive data from major companies, including a large multinational pharmaceutical firm.<\/p>\n<p>\u201cWhen they compromised Aqua a second time, they took a lot of GitHub accounts and started spamming these with junk messages,\u201d Eriksen said. \u201cIt was almost like they were just showing off how much access they had. Clearly, they have an entire stash of these credentials, and what we\u2019ve seen so far is probably a small sample of what they have.\u201d<\/p>\n<p>Security experts say the spammed GitHub messages could be a way for TeamPCP to ensure that any code packages tainted with their malware will remain prominent in GitHub searches. In a newsletter published today titled <a href=\"https:\/\/risky.biz\/risky-bulletin-github-is-starting-to-have-a-real-malware-problem\/\" target=\"_blank\" rel=\"noopener\">GitHub is Starting to Have a Real Malware Problem<\/a>, <strong>Risky Business<\/strong> reporter <strong>Catalin Cimpanu<\/strong> writes that attackers often are seen pushing meaningless commits to their repos or using online services that sell GitHub stars and \u201clikes\u201d to keep malicious packages at the top of the GitHub search page.<\/p>\n<p>This weekend\u2019s outbreak is the <a href=\"https:\/\/ramimac.me\/trivy-teampcp\/\" target=\"_blank\" rel=\"noopener\">second major supply chain attack<\/a> involving Trivy in as many months. At the end of February, Trivy was hit as part of an automated threat called <a href=\"https:\/\/www.stepsecurity.io\/blog\/hackerbot-claw-github-actions-exploitation#attack-3-microsoftai-discovery-agent---branch-name-injection\" target=\"_blank\" rel=\"noopener\">HackerBot-Claw<\/a>, which mass exploited misconfigured workflows in GitHub Actions to steal authentication tokens.<\/p>\n<p>Eriksen said it appears TeamPCP used access gained in the first attack on Aqua Security to perpetrate this weekend\u2019s mischief. But he said there is no reliable way to tell whether TeamPCP\u2019s wiper actually succeeded in trashing any data from victim systems, and that the malicious payload was only active for a short time over the weekend.<\/p>\n<p>\u201cThey\u2019ve been taking [the malicious code] up and down, rapidly changing it adding new features,\u201d Eriksen said, noting that when the malicious canister wasn\u2019t serving up malware downloads it was pointing visitors to <a href=\"https:\/\/www.youtube.com\/watch?v=dQw4w9WgXcQ\" target=\"_blank\" rel=\"noopener\">a Rick Roll video<\/a> on YouTube.<\/p>\n<p>\u201cIt\u2019s a little all over the place, and there\u2019s a chance this whole Iran thing is just their way of getting attention,\u201d Eriksen said. \u201cI feel like these people are really playing this Chaotic Evil role here.\u201d<\/p>\n<p>Cimpanu observed that supply chain attacks have increased in frequency of late as threat actors begin to grasp just how efficient they can be, and his post documents an alarming number of these incidents since 2024.<\/p>\n<p>\u201cWhile security firms appear to be doing a good job spotting this, we\u2019re also gonna need GitHub\u2019s security team to step up,\u201d Cimpanu wrote. \u201cUnfortunately, on a platform designed to copy (fork) a project and create new versions of it (clones), spotting malicious additions to clones of legitimate repos might be quite the engineering problem to fix.\u201d<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran\u2019s time zone or have Farsi set as the default language. Experts say the wiper campaign against Iran materialized this [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-container-style":"default","site-container-layout":"default","site-sidebar-layout":"default","disable-article-header":"default","disable-site-header":"default","disable-site-footer":"default","disable-content-area-spacing":"default","footnotes":""},"categories":[113,878,879,880,881,882,883,90,884,885,886,143,115,106,887,176,888],"tags":[91],"class_list":["post-2077","post","type-post","status-publish","format-standard","hentry","category-a-little-sunshine","category-aikido","category-aqua-security","category-assaf-morag","category-canisterworm","category-catalin-cimpanu","category-charlie-eriksen","category-cybersecurity","category-flare","category-icp","category-internet-computer-protocol","category-latest-warnings","category-neer-do-well-news","category-ransomware","category-teampcp","category-the-coming-storm","category-trivy","tag-cybersecurity"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>\u2018CanisterWorm\u2019 Springs Wiper Attack Targeting Iran - Imperative Business Ventures Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/23\/canisterworm-springs-wiper-attack-targeting-iran\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u2018CanisterWorm\u2019 Springs Wiper Attack Targeting Iran - Imperative Business Ventures Limited\" \/>\n<meta property=\"og:description\" content=\"A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran\u2019s time zone or have Farsi set as the default language. Experts say the wiper campaign against Iran materialized this [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/23\/canisterworm-springs-wiper-attack-targeting-iran\/\" \/>\n<meta property=\"og:site_name\" content=\"Imperative Business Ventures Limited\" \/>\n<meta property=\"article:published_time\" content=\"2026-03-23T16:01:38+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/23\/canisterworm-springs-wiper-attack-targeting-iran\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/23\/canisterworm-springs-wiper-attack-targeting-iran\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\"},\"headline\":\"\u2018CanisterWorm\u2019 Springs Wiper Attack Targeting Iran\",\"datePublished\":\"2026-03-23T16:01:38+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/23\/canisterworm-springs-wiper-attack-targeting-iran\/\"},\"wordCount\":937,\"image\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/23\/canisterworm-springs-wiper-attack-targeting-iran\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/03\/aikido-iranwiper.png\",\"keywords\":[\"Cybersecurity\"],\"articleSection\":[\"A Little Sunshine\",\"Aikido\",\"Aqua Security\",\"Assaf Morag\",\"CanisterWorm\",\"Catalin Cimpanu\",\"Charlie Eriksen\",\"Cybersecurity\",\"Flare\",\"ICP\",\"Internet Computer Protocol\",\"Latest Warnings\",\"Ne'er-Do-Well News\",\"Ransomware\",\"TeamPCP\",\"The Coming Storm\",\"Trivy\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/23\/canisterworm-springs-wiper-attack-targeting-iran\/\",\"url\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/23\/canisterworm-springs-wiper-attack-targeting-iran\/\",\"name\":\"\u2018CanisterWorm\u2019 Springs Wiper Attack Targeting Iran - Imperative Business Ventures Limited\",\"isPartOf\":{\"@id\":\"https:\/\/blog.ibvl.in\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/23\/canisterworm-springs-wiper-attack-targeting-iran\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/23\/canisterworm-springs-wiper-attack-targeting-iran\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/03\/aikido-iranwiper.png\",\"datePublished\":\"2026-03-23T16:01:38+00:00\",\"author\":{\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/23\/canisterworm-springs-wiper-attack-targeting-iran\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/23\/canisterworm-springs-wiper-attack-targeting-iran\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/23\/canisterworm-springs-wiper-attack-targeting-iran\/#primaryimage\",\"url\":\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/03\/aikido-iranwiper.png\",\"contentUrl\":\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/03\/aikido-iranwiper.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/23\/canisterworm-springs-wiper-attack-targeting-iran\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.ibvl.in\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u2018CanisterWorm\u2019 Springs Wiper Attack Targeting Iran\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.ibvl.in\/#website\",\"url\":\"https:\/\/blog.ibvl.in\/\",\"name\":\"Imperative Business Ventures Limited\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.ibvl.in\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\/\/blog.ibvl.in\"],\"url\":\"https:\/\/blog.ibvl.in\/index.php\/author\/admin_hcbs9yw6\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\u2018CanisterWorm\u2019 Springs Wiper Attack Targeting Iran - Imperative Business Ventures Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/23\/canisterworm-springs-wiper-attack-targeting-iran\/","og_locale":"en_US","og_type":"article","og_title":"\u2018CanisterWorm\u2019 Springs Wiper Attack Targeting Iran - Imperative Business Ventures Limited","og_description":"A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran\u2019s time zone or have Farsi set as the default language. Experts say the wiper campaign against Iran materialized this [&hellip;]","og_url":"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/23\/canisterworm-springs-wiper-attack-targeting-iran\/","og_site_name":"Imperative Business Ventures Limited","article_published_time":"2026-03-23T16:01:38+00:00","author":"admin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"admin","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/23\/canisterworm-springs-wiper-attack-targeting-iran\/#article","isPartOf":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/23\/canisterworm-springs-wiper-attack-targeting-iran\/"},"author":{"name":"admin","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02"},"headline":"\u2018CanisterWorm\u2019 Springs Wiper Attack Targeting Iran","datePublished":"2026-03-23T16:01:38+00:00","mainEntityOfPage":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/23\/canisterworm-springs-wiper-attack-targeting-iran\/"},"wordCount":937,"image":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/23\/canisterworm-springs-wiper-attack-targeting-iran\/#primaryimage"},"thumbnailUrl":"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/03\/aikido-iranwiper.png","keywords":["Cybersecurity"],"articleSection":["A Little Sunshine","Aikido","Aqua Security","Assaf Morag","CanisterWorm","Catalin Cimpanu","Charlie Eriksen","Cybersecurity","Flare","ICP","Internet Computer Protocol","Latest Warnings","Ne'er-Do-Well News","Ransomware","TeamPCP","The Coming Storm","Trivy"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/23\/canisterworm-springs-wiper-attack-targeting-iran\/","url":"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/23\/canisterworm-springs-wiper-attack-targeting-iran\/","name":"\u2018CanisterWorm\u2019 Springs Wiper Attack Targeting Iran - Imperative Business Ventures Limited","isPartOf":{"@id":"https:\/\/blog.ibvl.in\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/23\/canisterworm-springs-wiper-attack-targeting-iran\/#primaryimage"},"image":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/23\/canisterworm-springs-wiper-attack-targeting-iran\/#primaryimage"},"thumbnailUrl":"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/03\/aikido-iranwiper.png","datePublished":"2026-03-23T16:01:38+00:00","author":{"@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02"},"breadcrumb":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/23\/canisterworm-springs-wiper-attack-targeting-iran\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.ibvl.in\/index.php\/2026\/03\/23\/canisterworm-springs-wiper-attack-targeting-iran\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/23\/canisterworm-springs-wiper-attack-targeting-iran\/#primaryimage","url":"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/03\/aikido-iranwiper.png","contentUrl":"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/03\/aikido-iranwiper.png"},{"@type":"BreadcrumbList","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/23\/canisterworm-springs-wiper-attack-targeting-iran\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.ibvl.in\/"},{"@type":"ListItem","position":2,"name":"\u2018CanisterWorm\u2019 Springs Wiper Attack Targeting Iran"}]},{"@type":"WebSite","@id":"https:\/\/blog.ibvl.in\/#website","url":"https:\/\/blog.ibvl.in\/","name":"Imperative Business Ventures Limited","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.ibvl.in\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/blog.ibvl.in"],"url":"https:\/\/blog.ibvl.in\/index.php\/author\/admin_hcbs9yw6\/"}]}},"_links":{"self":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts\/2077","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/comments?post=2077"}],"version-history":[{"count":0,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts\/2077\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/media?parent=2077"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/categories?post=2077"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/tags?post=2077"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}