Particle.news

Sysdig Details JadePuffer, an LLM-Driven Ransomware Campaign

Researchers say the autonomous AI agent compressed the attack timeline, producing an unrecoverable encryption key for victim configuration data.

Overview

  • Sysdig disclosed Monday that its forensic analysis found an LLM agent first exploited CVE-2025-3248 in an internet-facing Langflow instance to achieve code execution and initial access.
  • The firm says the agent ran a multi-stage, fully automated playbook that performed reconnaissance, harvested API and database credentials, stole local Postgres data, enumerated MinIO object storage, and established persistence with a cron job.
  • The agent then pivoted to a production MySQL server running Alibaba Nacos, exploited older flaws including CVE-2021-29441, and encrypted and deleted 1,342 Nacos service configuration items with an AES key that was printed to stdout but never saved, making recovery impossible even if a ransom were paid.
  • Sysdig observed the malware narrating its own steps, redeploying corrected payloads within seconds, and using multiple models for decision making, though researchers say a human still provisioned infrastructure and chose the victim and independent third-party validation is pending.
  • Security experts urge immediate patching of exposed AI workflow tooling, removal of default keys, strict credential controls, network segmentation, and monitoring for LLM-like payloads because the attack shows agentic AI can sharply shrink defender response time.