Forgot your password?
typodupeerror

Submission + - AI Agent Executes 'First' End-To-End Ransomware Attack (theregister.com)

An anonymous reader writes: They're not bad; they're just prompted that way. Sysdig threat hunters documented what they say is the first-ever documented agentic ransomware infection with an LLM — not a human — driving the entire extortion operation, from gaining initial access to compromising a production database server and destroying data. The security shop’s research team named the agentic intruder JadePuffer and said it gained initial access to an internet-facing Langflow instance by exploiting CVE-2025-3248, and then ran a fully automated attack. “The most striking characteristic, however, was the LLM's behavior,” Sysdig director of threat research Michael Clark said in a blog about the agentic ransomware and extortion operation.

JadePuffer’s “self-narrating” payloads “contained natural language reasoning, target prioritization, and the kind of detailed annotations that human operators don’t often write but LLM-generated code produces reflexively,” Clark added. “The operation also adapted in real time, retrying failed steps within refined parameters. In one sequence, it went from a failed login to a working fix in 31 seconds.” After exploiting CVE-2025-3248, a missing authentication vulnerability in Langflow that allows remote, unauthenticated attackers to execute arbitrary Python on the host, the AI agent began scanning for and collecting secrets, including LLM provider API keys, cloud credentials “with explicit coverage of Chinese providers” including Alibaba, Aliyun, Tencent, and Huawei, while also scanning for AWS, Azure and Google Cloud Platform, cryptocurrency wallets, and database credentials.

The AI also installed a crontab entry on the Langflow server to maintain persistence and call back to the attacker’s infrastructure every 30 minutes. JadePuffer’s intended target was a separate internet-exposed production server running a MySQL database and an Alibaba Nacos configuration service, we’re told. Nacos is an open-source service-discovery and dynamic configuration platform developed by Alibaba and used in the cloud provider’s microservices applications. The agent connected to the server's exposed MySQL port using root credentials, although Sysdig doesn’t know how the attacker obtained them. These credentials weren’t stolen from the victim’s environment.

JadePuffer then attacked Nacos via multiple vectors including an authorization bypass flaw (CVE-2021-29441) and forging a valid JSON web token (JWT) using Nacos's default signing key. Additionally, using its root database access, the LLM injected a backdoor administrator into the Nacos backing database. It ultimately encrypted all 1,342 Nacos service configuration items using MySQL's built-in AES encryption function, and created an extortion demand, ransom note, Bitcoin payment address, and a Proton Mail contact [...]. However, according to the threat hunters, the victim can’t recover the encrypted data, even if they paid the ransom demand, because the agent escalated “from row-level deletion to dropping entire database schemas, narrating its own targeting rationale,” without backing up any of the encrypted data.

Comment IEEE is horribly under-informed (Score 1) 159

The company I work with can easily ramp up satellite production to the scale required. It's one of the reasons I got hired, my extensive manufacturing experience in electronics and solar and power systems pairs perfectly with the requirements.

Perhaps the IEEE should spend some actual time with the companies that already have some of this hardware in orbit, with more going up soon.

Comment Obligatory religious joke (Score 3, Funny) 57

After discovering how to clone humans, two scientists challenged God:

"We don't need you anymore," they said. "We can make life by ourselves now."

"Okay," God replied, "let's have a man-making contest."

"All right," said the scientists. "We'll do it like you did in the beginning." Then they reached down to grab a handful of dirt to begin to form a man.

Then they heard God's voice from heaven: "Hold it - get your own dirt!"

--
Credit: Not sure who created this joke, but I 8th-commandmented it from here.

Comment Re:Yes. This is how you keep housing costs down (Score 1) 124

he only thing that can make it less carbon intensive is using low carbon power to generate the electricity.

1) Use solar, hydro, wave-power, etc. so there is no or very little incremental carbon cost
2) Offset the amortized carbon-cost of setting up the green-power-plant and any small incremental carbon cost by planting forests or buying carbon offsets.

There you go, net zero.

Comment Re:The US needs to get on board too (Score 2) 84

Middle-range drones are in use because anti-aircraft measures have gotten so good.

No. The lack of anti-aircraft measures is why middle-range drones are being used so extensively. Ukraine put a lot time and effort into degrading Russian AA, whether radar systems, S-300/400/500, Pantsir, or anything else. The last number I saw was about 1,700 AA of all types damaged or destroyed.

Once AA is reduced, this opens corridors for drones/missiles, which is exactly what Ukraine is doing. Crimea is now essentially an island, with supplies rapidly dwindling and people fleeing while they can. Moscow has three rings of AA to try (and faling) to protect itself. Meanwhile, oil refineries the length and breadth of Russia are going up in flames each week.

Ukraine does have Baba Yaga drones (heavy drones which can carry multiple, large mortars/bombs), and those are being used to take out fortified positions.

Single-use drones are stil highly in use, which is what a middle-range drone is.

Comment Re:Don't look! Don't look! (Score 1) 76

What a weird ... hey, wait, I think I figured it out!

You're looking at it from the point of view of the bank robber, aren't you? (Instead of from the point of view of all the people who didn't rob the bank but still somehow had their locations leaked to the government.)

Did I guess right?

Comment Small efficiency gain in the assembly line (Score 2) 18

I'm imagining devices going by a conveyor belt, and a worker with a wirecutter is making a brief snip on each of the devices as it travels by.

The boss walks up, and the snipper guy asks "Is it true? Is the customer canceling?"

The boss briefly nods but then shakes his head. "Yeah, they're canc--no, I mean they still want the devices. They just don't want the snipping anymore. They say go ahead and leave the warrant-detection-and-lookup circuit live."

"Good. I never really understood what I was doing here. They're still weren't required to check the sensor anyway, so why disable it?"

The boss explained, "so we could charge them for the snipping."

Slashdot Top Deals

Advertising is the rattling of a stick inside a swill bucket. -- George Orwell

Working...