AI agent carries out ‘first’ ransomware attack | #ransomware | #cybercrime


Researchers claimed to have uncovered what may be the first ransomware attack to be conducted by an AI agent.

Dubbed JadePuffer, the agent was used for harvesting and reusing credentials, moving laterally through systems, establishing persistence, and even destroying a database.

According to Sysdig, AI agent JadePuffer breached open-source AI app builder LangFlow through a historical API-related vulnerability.

Via the LangFlow server, it then executed Python malware and operated reconnaissance for API keys via the likes of OpenAI, Anthropic, and Gemini. The agent then began harvesting cloud credentials with “explicit coverage” of Chinese providers such as Huawei, along with a scan for the main three U.S. hyperscale platforms.

JadePuffer was also spotted probing canonical MinIO addresses in containerized deployments. MiniIO is a self-hosted S3-compatible object store is found in many on-premises and cloud-native stacks to store backups, infrastructure state, application data, and machine learning.

Sysdig reported the agent then “dumped” the Postgres database underpinning Langflow, keeping stored credentials, API keys, and user records before staging the output to local files before reviewing and deleting them.

Michael Clark, director of threat research at Sysdig, noted the agent scanned the internal address space and named services reachable via the Langflow host for its reconnaissance.

Zero humans in the loop

The JadePuffer attack represented a complete end-to-end extortion operation entirely executed by a large language model (LLM), which Clark dubbed as the first documented case of agentic ransomware.

Clark highlighted the attack leveraged various old vulnerabilities, including one involving distributed system manager Nacos.

“Agents make spraying the entire historical vulnerability catalogue effectively free, so the long tail of unpatched systems becomes more exposed, not less,” Clark said.

“An LLM narrates its own objectives in its payloads. An LLM agent can chain reconnaissance, credential theft, lateral movement, persistence, and destruction without the operator possessing deep expertise in any one step. Tradecraft that once implied a capable human now implies a capable model,” Clark added.

The evolving level of agentic autonomy has been an increasing concern for security in recent months. This title for example discovered AI agents were sharing security evasion tips on Moltbook, the forum exclusively populated by AI agents, with advice on web scraping under the cover of mobile proxies.

While both Moltbook’s agents and JadePuffer may have been malicious in intent, vendors and experts alike have sounded the alarm on errors accidentally made by agents, which could have repercussions for network systems. This has led to calls for keeping humans in the loop on all automated networking efforts, as well as digital twin solutions from Nvidia, Microsoft, and Forward, which promise human oversight over agents by simulating their next moves in a workflow.



Click Here For The Original Source.

——————————————————–

..........

.

.

National Cyber Security

FREE
VIEW