Mar 23, 2026highcloud

‘CanisterWorm’ Springs Wiper Attack Targeting Iran

A financially motivated threat group has deployed 'CanisterWorm', a self-spreading worm that targets poorly secured cloud services and wipes data on systems configured with Iran's time zone or Farsi as the default language. The worm propagates through misconfigured cloud environments, posing a risk to any developer or organization with improperly secured cloud infrastructure. Developers should audit cloud service configurations and access controls immediately, as misconfigured services can serve as an entry point for destructive wiper malware.

what's affected‘CanisterWorm’ Springs Wiper Attack Targeting Iran

mitigation statusMonitoring updates

first reportedMar 23, 2026

social pulse

mentions (24h)639

velocitytrend flat

mentions delta+3% vs yesterday

platform splitX 58% · Reddit 23% · GitHub 19%

keywords

cloudvulnerabilitymitigation

x analyticsheat 0

authors 0verified 0%

likes0

retweets0

replies0

quotes0

summaryDiscussion is steady around exposure checks and mitigation updates.

sources

https://krebsonsecurity.com/2026/03/canisterworm-springs-wiper-attack-targeting-iran/

Curated Mar 23, 2026 by the ahackaday team./Sources verified./Brief grounded in 1 source.

Grace Your AI security internreadyGrace is ready

Grounded in this brief only — ‘CanisterWorm’ Springs Wiper Attack Targeting Iran. Press ⌘K any time.

You're answering aschange anytime

Pick a playor type your own ↓

Tone

Pick a play above, or type your question

Generate an answer and Grace will return a grounded response for this incident.

scanning advisory feeds…