JadePuffer: Sysdig Sniffs Out the First Agentic Ransomware | #ransomware | #cybercrime


It reasoned in natural language, prioritised its targets and adapted its operation in real-time retrying failed steps using modified parameters. 

The Sysdig researchers recount an instance when the ATA went from a failed login to a working fix in a mere 31 seconds.

The initial access and establishment of persistence

Initial access itself was through a known vulnerability in a popular, open-source LLM building framework called Langflow.  

CVE-2025-3248, which is a missing-authentication flaw wherein attackers can execute Python code on the host. 

Langflow is exposed in many internet facing deployments and is often an attractive entry point for attackers considering how AI-adjacent its servers are and how it holds API keys and cloud credentials in their environment and often do not have network controls. 

Once it gained execution, the agent swept the environment parallelly looking for various secrets including LLM API keys from major providers including OpenAI, Anthropic, DeepSeek, Gemini and others, cloud credentials, cryptocurrency wallets, database credentials and configuration files. 

After collecting cloud credentials and API keys JadePuffer expanded its access by extracting data from Langflow’s PostgreSQL database, recovering stored credentials, API keys and user information before removing the temporary files it had created. 

It then explored the internal network, searching for databases, storage systems and secret management services, eventually finding a MinIO object storage server where it identified and retrieved additional credentials from configuration files, adapting its approach when its first attempt did not work. 



Click Here For The Original Source.

——————————————————–

..........

.

.

National Cyber Security

FREE
VIEW