Sysdig Unveils JADEPUFFER: First Agentic Ransomware Attack Exposed


Sysdig Identifies JADEPUFFER, a Novel AI-Driven Ransomware Campaign Exploiting LLM Agents

Attack Overview

A cybersecurity research team has uncovered a ransomware operation that leverages artificial intelligence to execute a full-scale attack chain without direct human intervention. The campaign, attributed to an autonomous agent known as JADEPUFFER, exploited a critical vulnerability in an open-source machine learning framework to compromise a production environment, exfiltrate sensitive data, and execute destructive payloads.

Exploitation of the Vulnerability

The attack began with an unpatched flaw in Langflow, a platform used for developing language model applications. Researchers identified CVE-2025-3248, a severe authentication bypass vulnerability in the framework’s code validation endpoint, which allowed threat actors to execute arbitrary code on affected systems. This initial compromise provided access to internal infrastructure, including cloud credentials and database configurations.

System Enumeration and Data Extraction

Once inside the network, the agent systematically enumerated system details, extracted API keys, and accessed Postgres data stored within the Langflow instance. It then probed internal services, including MinIO storage, using default credentials. The attack transitioned to a production server hosting MySQL and Alibaba Nacos, a service used for dynamic configuration management.

Autonomous Adaptation

Researchers observed that the agent attempted to create an administrator account in Nacos by generating a bcrypt hash. When this initial attempt failed, the agent modified its approach within 31 seconds, regenerating the hash and successfully establishing administrative access. This rapid adaptation demonstrated the autonomous nature of the operation.

Destructive Phase of the Attack

The campaign’s destructive phase involved encrypting Nacos configuration data, deleting database tables, and creating a ransom note with anonymized victim information. Analysis of the payload revealed that the encryption keys were neither stored nor transmitted, so the encrypted data cannot be decrypted. Additionally, a comment in the code referenced a backup IP address (64.20.53.230), though no evidence of actual data retention at this location was found.

Expert Insights and Recommendations

Experts said the attack is better explained by critical security gaps than by technological advancement alone. Shane Barney, a cybersecurity executive, emphasized that the breach stemmed from unsecured credentials, default configurations, and insufficient access controls. He noted that 72% of organizations lack real-time detection capabilities for credential misuse, allowing threats to escalate rapidly. Barney recommended implementing time-limited privileged access, automated secret rotation, and continuous session monitoring.

Ben Ronallo, a cybersecurity engineer, pointed to the prolonged exposure of the Langflow vulnerability as a primary concern. He stressed that organizations must prioritize patch management and conduct thorough network audits to identify lateral movement paths.

Post-Incident Actions

Researchers advised affected entities to review logs for specific indicators of compromise, including unusual API activity and unauthorized database access. The incident marks a significant evolution in ransomware tactics, demonstrating how AI agents can execute complex operations with minimal human oversight. The attack chain relied on well-documented vulnerabilities, emphasizing the importance of proactive security measures over reactive responses.
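One way to start the log review described above, as an added example that is not from Sysdig or the original article: a triage pass over reverse-proxy access logs that groups accepted POSTs to the Langflow code validation endpoint by source and collects lines mentioning the IP address reported in the payload. The endpoint path, the Combined Log Format layout, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: route of Langflow's code validation endpoint (the page names the endpoint, not the path).
VALIDATE_PATH = "/api/v1/validate/code"
# IP address the page reports in a payload comment; digit guards avoid partial matches.
REPORTED_IP_RE = re.compile(r"(?<!\d)64\.20\.53\.230(?!\d)")

# Combined Log Format, as written by nginx or a similar reverse proxy (assumed).
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log lines; client addresses are documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2025:10:00:01 +0000] "GET /health HTTP/1.1" 200 15 "-" "probe"
203.0.113.50 - - [01/Jan/2025:10:02:11 +0000] "POST /api/v1/validate/code HTTP/1.1" 200 412 "-" "python-requests"
203.0.113.50 - - [01/Jan/2025:10:02:19 +0000] "POST /api/v1/validate/code?x=1 HTTP/1.1" 200 388 "-" "python-requests"
198.51.100.7 - - [01/Jan/2025:10:03:00 +0000] "POST /api/v1/validate/code HTTP/1.1" 401 52 "-" "curl"
64.20.53.230 - - [01/Jan/2025:10:05:42 +0000] "GET /api/v1/flows HTTP/1.1" 200 9001 "-" "-"
garbage line that does not parse
"""

def triage(log_text):
    """Return (validate_hits, reported_ip_lines, unparsed_count)."""
    validate_hits = defaultdict(list)   # source address -> [(timestamp, status)]
    ip_lines, unparsed = [], 0
    for line in log_text.splitlines():
        if REPORTED_IP_RE.search(line):
            ip_lines.append(line)
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1               # surface these; do not silently drop them
            continue
        path = m["path"].split("?", 1)[0].rstrip("/")
        # Count only 2xx responses; 401/403 means the server refused the request.
        if m["method"] == "POST" and path == VALIDATE_PATH and m["status"].startswith("2"):
            validate_hits[m["src"]].append((m["ts"], int(m["status"])))
    return dict(validate_hits), ip_lines, unparsed

if __name__ == "__main__":
    hits, ip_lines, unparsed = triage(SAMPLE_LOG)
    for src, events in hits.items():
        print(f"{src}: {len(events)} accepted POSTs to {VALIDATE_PATH}, first {events[0][0]}")
    print(f"{len(ip_lines)} line(s) mention the reported IP; {unparsed} unparsed")
```

Access logs do not record whether a request carried valid credentials, so each accepted POST still needs to be matched against known legitimate users of the instance.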

Conclusion

Security teams are urged to reassess their defenses against automated threat actors capable of adapting to security controls in real time. The JADEPUFFER campaign highlights the urgent need for robust credential management, timely patching, and continuous monitoring to mitigate risks posed by AI-driven ransomware.


