
Self-propagating malware poisons open source software and wipes Iran-based machines

A new hacking group, TeamPCP, has launched a sophisticated and rapidly evolving malware campaign targeting open-source software, including the widely used Trivy vulnerability scanner.

By Epoch AI Consulting  ·  27 March 2026

Executive Summary

A new hacking group, TeamPCP, has launched a sophisticated and rapidly evolving malware campaign targeting open-source software, including the widely used Trivy vulnerability scanner. The campaign involves a self-propagating worm with the alarming potential to wipe machines specifically in Iran, raising significant security concerns and highlighting the risks of supply-chain attacks in software development.


Introduction

The digital landscape is constantly evolving, and with it, the sophistication of cyber threats. Businesses today rely heavily on open-source software for its flexibility and cost-effectiveness, but this reliance also introduces vulnerabilities. A recent and alarming example of this is the emergence of a new hacking group known as TeamPCP, which has launched a relentless campaign using self-propagating malware to compromise systems. This incident serves as a stark reminder of the need for robust security measures and a proactive approach to threat detection and response, particularly within the software development lifecycle. The attack underscores the importance of securing CI/CD pipelines and highlights the potential for devastating supply-chain attacks.

Key Developments

TeamPCP's Emergence and Initial Activity

TeamPCP first came to the attention of security researchers in December 2025. Their initial focus was on compromising poorly secured cloud-hosted platforms to build a distributed proxy and scanning infrastructure. This infrastructure was then used for various malicious activities, including data exfiltration, ransomware deployment, extortion, and cryptocurrency mining. The group quickly gained notoriety for its proficiency in large-scale automation and its ability to integrate established attack techniques effectively.

Supply-Chain Attack on Trivy

More recently, TeamPCP executed a supply-chain attack that compromised virtually all versions of the Trivy vulnerability scanner. This was achieved through privileged access to the GitHub account of Aqua Security, Trivy's creator. The compromise allowed TeamPCP to inject malicious code into the widely used scanner, impacting a vast number of users and systems.

CanisterWorm: A Self-Propagating Threat

Following the Trivy compromise, researchers observed TeamPCP spreading a potent worm dubbed CanisterWorm. This worm is designed to spread automatically to new machines without requiring user interaction. Once a machine is infected, CanisterWorm searches for npm repository access tokens and compromises publishable packages by creating new versions laced with malicious code. The worm's control mechanism is particularly noteworthy. It utilises an Internet Computer Protocol-based canister, a tamper-proof smart contract designed to be resilient to takedown attempts. This canister points to dynamically changing URLs for servers hosting malicious binaries, allowing the attackers to constantly update the worm's control servers.

Targeting Iran with Kamikaze Wiper

As the attack evolved, CanisterWorm was updated to include an additional payload: a wiper specifically targeting machines in Iran. This wiper, named Kamikaze, is triggered when the infected machine is in the Iranian timezone or configured for use in that country. The wiper's "decision tree" is alarmingly straightforward: on Kubernetes systems in Iran, it deploys a DaemonSet that wipes every node in the cluster. On non-Kubernetes systems in Iran, it executes rm -rf / --no-preserve-root, effectively wiping the entire file system. While there's no confirmed evidence of actual damage to Iranian machines, the potential for large-scale impact is significant.
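A defender-side check for the Kubernetes branch of that decision tree, added here as an illustration and not taken from the article or from any analysis of the worm: it scans Kubernetes API audit log lines (RequestResponse audit level, constructed sample events) and flags DaemonSet creations whose pod template asks for host-level access. The assumption is that any DaemonSet able to wipe every node needs such access (hostPID, a privileged container, or a hostPath mount of the root filesystem); the sample specs are invented and are not Kamikaze's actual manifest.

```python
import json

# Constructed Kubernetes audit events, not real data: a benign log-shipper DaemonSet
# and one that asks for hostPID, a privileged container and a hostPath mount of "/",
# the host-level access a node-wiping DaemonSet would need (assumed, not the real spec).
EVENTS = [
    {"verb": "create", "user": {"username": "system:serviceaccount:logging:fluentd"},
     "objectRef": {"resource": "daemonsets", "namespace": "logging", "name": "fluentd"},
     "requestObject": {"spec": {"template": {"spec": {
         "containers": [{"name": "fluentd", "image": "fluentd:v1"}],
         "volumes": [{"name": "logs", "hostPath": {"path": "/var/log"}}]}}}}},
    {"verb": "create", "user": {"username": "ci-deployer"},
     "objectRef": {"resource": "daemonsets", "namespace": "kube-system", "name": "node-init"},
     "requestObject": {"spec": {"template": {"spec": {
         "hostPID": True,
         "containers": [{"name": "init", "image": "busybox",
                         "securityContext": {"privileged": True}}],
         "volumes": [{"name": "root", "hostPath": {"path": "/"}}]}}}}},
]
AUDIT_LINES = [json.dumps(e) for e in EVENTS]  # one JSON object per line, as the audit backend writes


def host_access_reasons(pod_spec):
    """Return why a pod spec grants node-level access (empty list if it does not)."""
    reasons = []
    if pod_spec.get("hostPID"):
        reasons.append("hostPID")
    for c in pod_spec.get("containers", []) + pod_spec.get("initContainers", []):
        if c.get("securityContext", {}).get("privileged"):
            reasons.append(f"privileged container {c.get('name')}")
    for v in pod_spec.get("volumes", []):
        if v.get("hostPath", {}).get("path") == "/":
            reasons.append("hostPath mount of /")
    return reasons


def scan_audit_log(lines):
    """Flag DaemonSet create events whose pod template needs host-level access."""
    findings = []
    for line in lines:
        ev = json.loads(line)
        ref = ev.get("objectRef", {})
        if ev.get("verb") != "create" or ref.get("resource") != "daemonsets":
            continue  # other verbs and other resource kinds are out of scope here
        pod = ev.get("requestObject", {}).get("spec", {}).get("template", {}).get("spec", {})
        reasons = host_access_reasons(pod)
        if reasons:
            findings.append({"namespace": ref.get("namespace"), "name": ref.get("name"),
                             "user": ev.get("user", {}).get("username"), "reasons": reasons})
    return findings
```

In a real cluster the same logic would run over the audit webhook stream or the collected audit log file, and a hit from an identity that does not normally create DaemonSets is the signal worth paging on.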

Business Implications

This attack has several critical implications for businesses:

  • Supply-Chain Risk: It underscores the inherent risks in relying on open-source software and the potential for supply-chain attacks. Organisations must implement robust security measures to verify the integrity of software components and dependencies.
  • CI/CD Pipeline Security: The targeting of CI/CD pipelines highlights the need for enhanced security measures in these critical development workflows. Securing access tokens, implementing multi-factor authentication, and regularly auditing pipeline configurations are essential.
  • Geopolitical Considerations: The targeting of Iran raises questions about the motives behind the attack and the potential for politically motivated cyberattacks. Businesses operating in or with connections to countries involved in geopolitical tensions must be particularly vigilant.
  • Reputational Damage: A successful supply-chain attack can have significant reputational consequences for both the compromised software vendor and the organisations that rely on their products.
  • Increased Scrutiny: Expect increased scrutiny from regulators and customers regarding your organisation's cybersecurity practices.
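One concrete form of the "verify the integrity of software components" and "regularly auditing pipeline configurations" points above, added here as an example that is not the article's or Aqua Security's code: when an upstream GitHub account is compromised, tags and branches such as `master` or `v4` can be moved to malicious commits, but a full 40-character commit SHA cannot be retargeted, so every third-party action in a workflow should be pinned to one. The workflow below is constructed (the `aquasecurity/trivy-action` reference reflects how Trivy is commonly invoked in GitHub Actions, and the SHA is a placeholder); the check uses a regex rather than a YAML parser so it runs with the standard library only.

```python
import re

# Constructed GitHub Actions workflow, not from any real repository; the SHA is a placeholder.
WORKFLOW = """
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/trivy-action@master
        with:
          scan-type: fs
      - uses: ./.github/actions/local-check
      - uses: docker://alpine:3.19
      - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febf1e5c0d0ffd8e
"""

USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)", re.MULTILINE)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def classify_ref(ref):
    """Return 'sha', 'mutable' or 'skip' for one uses: reference."""
    if ref.startswith("./") or ref.startswith("docker://"):
        return "skip"      # local actions and container images need a different check (digests)
    if "@" not in ref:
        return "mutable"   # no ref at all resolves to the action's default branch
    _, version = ref.rsplit("@", 1)
    return "sha" if FULL_SHA_RE.match(version) else "mutable"


def audit_workflow(text):
    """List every third-party action reference that a repository takeover could retarget."""
    return [ref for ref in USES_RE.findall(text) if classify_ref(ref) == "mutable"]
```

Pinning is only half of the control: the pinned SHA still has to be reviewed when it is chosen and when it is bumped, otherwise an already-poisoned commit is simply frozen in place.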

The Epoch AI Perspective

This incident highlights the growing complexity and sophistication of cyber threats, and the need for a proactive, intelligence-driven approach to security. As an AI consultancy, we see opportunities for AI to improve incident response. Businesses are at a turning point: to protect themselves from rapidly changing attacks, they need to move faster and strengthen their AI strategy.

As a UK AI consultancy, Epoch AI Consulting recognises that AI can play a critical role in several areas. The first is threat detection: AI-powered systems can analyse vast amounts of data to identify anomalous behaviour and detect malicious activity that might otherwise go unnoticed. The second is automation of incident response: AI can automate certain aspects of it, such as isolating infected systems, blocking malicious traffic, and remediating vulnerabilities. The third is vulnerability management: AI can assist in identifying and prioritising vulnerabilities, helping organisations focus their resources on the most critical risks.

But the technology alone is not enough. Organisations need to invest in AI training for their employees to ensure they have the skills and knowledge to effectively use AI-powered security tools and respond to cyber threats. This corporate AI training should cover topics such as threat intelligence, incident response, and vulnerability management. Bespoke AI workshops help organisations get the most value from their data and security products.

An AI roadmap is essential to implementing AI successfully in business. Epoch AI Consulting can help businesses develop a comprehensive enterprise AI strategy that aligns with their specific needs and goals. From helping clients understand their AI maturity to providing guidance on AI training for employees, our team of experts can provide the support and guidance needed to navigate the complexities of AI adoption and achieve tangible business outcomes. We understand that an AI adoption strategy needs to be a core part of every business as it moves forward. Whether they hire an AI consultant or work with an AI consulting firm, businesses need to move fast and work with the best AI consultancy for UK businesses. Epoch provides AI consulting for SMEs as well as enterprises, and we are well regarded as the best AI consultancy in the UK.

Conclusion

The TeamPCP campaign serves as a wake-up call to organisations of all sizes. The threat landscape is constantly evolving, and businesses must adopt a proactive and intelligence-driven approach to security. Investing in robust security measures, securing CI/CD pipelines, providing AI training, and developing a comprehensive AI strategy are essential steps to mitigate the risks posed by sophisticated cyber threats. As attacks become more advanced, so must our defences. The future of cybersecurity lies in leveraging the power of AI to detect, prevent, and respond to threats more effectively.

Source: Self-propagating malware poisons open source software and wipes Iran-based machines

Want to explore how AI can work for your business?

At Epoch AI Consulting, we help organisations navigate AI strategy, upskill teams, and deliver bespoke AI and data solutions. Get in touch to see how we can help.