Inside JADEPUFFER: The first ransomware operation driven by autonomous agents


Until now, every ransomware attack has required human intervention to plan, choose targets, test credentials, or fix code errors. That now seems to have changed: artificial intelligence has enough autonomy to perpetrate one of these incidents.

Threat researchers from the cybersecurity firm Sysdig have documented the existence of an operator called JADEPUFFER, the first known case of a ransomware attack autonomously executed by an agent based on a large language model (LLM).

The attack began by exploiting a critical vulnerability in Langflow, an open-source tool used to create applications based on language models and artificial intelligence.

The security flaw allowed any attacker to execute code remotely without needing to authenticate, opening the door to complete control of the affected server.

Once it gained entry into the system, the AI agent began to behave like an experienced cybercriminal. It first gathered information about the compromised environment, searched for credentials and access keys, extracted data from internal databases, and checked which other services were accessible from that server.

The goal was not to remain on the initial machine but to use it as a springboard to reach much more valuable systems.

That move led the agent to a production server hosting a MySQL database and a service called Nacos, used to manage enterprise application configurations. There it found another long-known vulnerability that allowed bypassing the authentication system.

Learns quickly

One of the aspects that most caught the researchers’ attention was this ‘robotic cybercriminal’s’ ability to correct its own mistakes.

In a first attempt, it tried to create an administrator account, but the operation failed. Just 31 seconds later, it launched a corrected version of the procedure, modified the way it generated credentials, and successfully gained access.

For Sysdig’s experts, this ability to detect a failure, adapt, and retry completely automatically is one of the strongest indications that the operation was carried out by an autonomous agent and not by a person using conventional tools.
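One way to hunt for the fail-then-succeed pattern described above, as an added example that is not from Sysdig's report or the original article: it scans access-log lines for a failed account-creation request followed by a successful one from the same client within a short window. The log format, the sample lines, the `/example/admin/users` path and the 60-second window are all assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Hypothetical path of the monitored service's account-creation endpoint.
ADMIN_CREATE_PATH = "/example/admin/users"
# Assumed threshold: a retry faster than this after a failure is worth a look.
RETRY_WINDOW = timedelta(seconds=60)

# Constructed access-log lines: timestamp, client, method, path, status.
SAMPLE_LOG = """\
2024-01-01T10:00:00Z 10.0.0.5 GET /example/health 200
2024-01-01T10:00:05Z 10.0.0.5 POST /example/admin/users 500
2024-01-01T10:00:36Z 10.0.0.5 POST /example/admin/users 200
2024-01-01T10:05:00Z 10.0.0.9 POST /example/admin/users 403
2024-01-01T10:20:00Z 10.0.0.9 POST /example/admin/users 200
2024-01-01T11:00:00Z 10.0.0.7 POST /example/admin/users 200
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")

def parse(line):
    """Return (timestamp, client, method, path, status) or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, method, path, status = m.groups()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return when, client, method, path, int(status)

def find_fast_retries(log_text, window=RETRY_WINDOW):
    """Return (client, seconds) for each success that follows a failure in time."""
    last_failure = {}  # client -> time of its most recent failed creation
    alerts = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, client, method, path, status = rec
        if method != "POST" or path != ADMIN_CREATE_PATH:
            continue
        if status >= 400:
            last_failure[client] = ts
        elif client in last_failure:
            gap = ts - last_failure.pop(client)
            if gap <= window:
                alerts.append((client, int(gap.total_seconds())))
    return alerts

if __name__ == "__main__":
    print(find_fast_retries(SAMPLE_LOG))
```

A hit is a lead rather than a verdict: legitimate automation also retries quickly, so correlate it with the source address and with what the new account does next.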

With access already secured, the most destructive phase of the attack began. JADEPUFFER encrypted more than 1,300 configuration elements stored in the database, deleted the original tables, and created a ransom note with a Bitcoin address and a contact email to demand payment.

However, Sysdig’s analysis revealed a particularly concerning detail: everything suggests that the key used to encrypt the data was never stored or sent to any server controlled by the attackers.

This means that even by paying the ransom, the victims probably would not have been able to recover their information, turning the incident into an attack oriented more towards data destruction than towards obtaining economic benefit.

Researchers also found a comment within the code suggesting that the information had been backed up to an external IP address. However, after analyzing the activity, they found no evidence that this backup was actually made, so it could simply be a maneuver to increase psychological pressure on the victims.

Although the spotlight is on artificial intelligence, experts warn that the real problem was not the AI itself but the poor security practices that facilitated the attack. Exposed credentials, default configurations, unpatched vulnerabilities, and excessive privileges allowed the agent to advance through the infrastructure in a matter of minutes.




National Cyber Security