1st ‘agentic ransomware’ JADEPUFFER invades database at machine speed


Sysdig researchers said they discovered the first instance of an “agentic ransomware” attack in the wild.

Dubbed JADEPUFFER, the “agentic threat actor” utilized a large language model (LLM) to drive the intrusion, adapting its payloads in real time to ultimately access and encrypt the targeted database without human intervention, Sysdig said in a blog post Wednesday.

The attack began with initial access via an internet-exposed Langflow instance vulnerable to CVE-2025-3248, a missing authentication flaw. This weakness enabled JADEPUFFER to execute Python code on the target machine, later pivoting from Langflow to a server running the Alibaba Naming and Configuration Service (Nacos) with a MySQL backing database.

While attempting to create a backdoor admin account on the Nacos configuration server, JADEPUFFER encountered an error, and returned with a working fix within 31 seconds, demonstrating the machine speed and adaptability of the AI-driven attack.

“This is our new reality. When the adversary rewrites its own exploit code on the fly, static signatures can’t keep pace — only runtime behavioral detection, watching what a process does rather than what it matches, stands a chance of catching it,” Ram Varadarajan, CEO at Acalvio, told SC Media in an email.

JADEPUFFER initially harvests secrets from the Langflow instance, including API keys for LLM services, cloud credentials (specifically targeting Chinese providers such as Alibaba, Tencent and Huawei), cryptocurrency wallets and seed phrases, and database credentials and configuration files. It also harvests sensitive data from the Postgres database backing Langflow and a MinIO object store.

The malware scanned for addresses and services reachable from the Langflow instance for lateral movement and established persistence on the Langflow host by installing a crontab entry, the researchers said.

“The CVE associated with the Langflow compromise was published over a year ago and has been known as exploitable for an equally long time. As this attack shows, it’s not a matter of if a known vulnerability will be exploited, but rather when it will be exploited and what the impact of that exploit will be,” noted Ben Ronallo, principal cybersecurity engineer at Black Duck, in comments to SC Media.

The agentic threat actor then moved to compromise the Nacos service, connecting to the server through its exposed MySQL port using root credentials; the researchers were not able to determine where the attacker obtained the credentials, as they were not exfiltrated from the victim’s machine.

The agent also exploited the authentication bypass flaw CVE-2021-29441 in Nacos to facilitate the server takeover. In addition to the 31-second fix for its initial login failure, which would be impossible for a human to perform manually, the payloads reveal their LLM-generated nature through extensive “self-narration” comments that explain the purpose of each code section.

The ransomware phase of the attack used MySQL’s AES_ENCRYPT() to encrypt all 1,342 Nacos configuration items on the server and created a “README_RANSOM” table containing the ransom demand, a Bitcoin wallet address and a Proton Mail address for negotiations.

However, the researchers noted that the generated AES key was never persisted or exfiltrated to the attacker, making decryption impossible, and the Bitcoin address matches an example address used across Bitcoin developer documentation, potentially representing an artifact from LLM training data rather than the attacker’s true address.

While mass deleting unencrypted files, the LLM’s internal narration claims that the files were backed up to an external IP address, but Sysdig found no evidence the files were exfiltrated during the attack.

Sysdig concluded that JADEPUFFER is a “warning sign” for a new era of ransomware attacks driven end-to-end by autonomous AI agents rather than skilled threat actors. The researchers note that the LLM’s own extensive comments offer valuable intelligence to help defenders detect and investigate attacks but warned that the LLM also makes false assertions that should not be taken at face value.

The researchers recommended patching vulnerabilities such as CVE-2025-3248, utilizing runtime threat detection and hardening Nacos environments by changing the default JWT signing key, never exposing Nacos to the internet and never connecting Nacos to its backing database as root.

“Every entry point JADEPUFFER exploited traces back to a failure of credential governance: secrets stored where they should not be, default credentials left unchanged and privileged accounts left open with no time-bound or scope-limited controls in place,” Shane Barney, CISO at Keeper Security, told SC Media. “Security research found that 72% of organizations cannot detect credential misuse in real time, with most identifying unauthorized privileged access within hours rather than minutes. An AI agent operating at machine speed can move from initial access to full destruction well inside that window.”
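
A configuration audit for the Nacos hardening advice above, as an added example that is not code from Sysdig or SC Media. The property names and the default signing key value are assumptions based on upstream Nacos sample configurations and should be checked against the deployed version; the sample files and the 32-byte minimum are constructed for illustration.

```python
import base64
import binascii

# Assumption: default signing key from older upstream Nacos sample configs.
DEFAULT_KEY = "SecretKey" + "0123456789" * 6
TOKEN_KEYS = (
    "nacos.core.auth.plugin.nacos.token.secret.key",  # newer releases
    "nacos.core.auth.default.token.secret.key",       # older releases
)

def parse_properties(text):
    """Minimal .properties parser: '=' separator, '#'/'!' comments, last wins."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit_nacos(text):
    """Return a sorted list of finding codes for one application.properties."""
    props = parse_properties(text)
    findings = set()
    for key in (props[k] for k in TOKEN_KEYS if k in props):
        if key == DEFAULT_KEY:
            findings.add("default-jwt-key")
            continue
        try:  # a replacement key should be Base64 with enough key material
            if len(base64.b64decode(key, validate=True)) < 32:
                findings.add("short-jwt-key")
        except binascii.Error:
            findings.add("jwt-key-not-base64")
    for name, value in props.items():
        if name.startswith("db.user") and value.lower() == "root":
            findings.add("db-user-root")  # Nacos talks to its database as root
    if props.get("nacos.core.auth.enable.userAgentAuthWhite", "").lower() == "true":
        findings.add("useragent-whitelist-on")  # setting tied to CVE-2021-29441
    return sorted(findings)

# Constructed sample configs (not from the incident; never deploy this key).
WEAK = f"""nacos.core.auth.plugin.nacos.token.secret.key={DEFAULT_KEY}
nacos.core.auth.enable.userAgentAuthWhite=true
db.user.0=root"""
HARDENED = (WEAK.replace(DEFAULT_KEY, base64.b64encode(bytes(range(48))).decode())
            .replace("=true", "=false").replace("=root", "=nacos_app"))
```

Network exposure is not visible in this file, so the recommendation to keep Nacos off the internet still needs a separate check at the firewall or load balancer.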
