{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/data-encryption/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":["JadePuffer"],"_cs_cpes":["cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*","cpe:2.3:a:alibaba:nacos:*:*:*:*:*:*:*:*"],"_cs_cves":[{"cvss":9.8,"id":"CVE-2025-3248"},{"cvss":8.6,"id":"CVE-2021-29441"}],"_cs_exploited":true,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Langflow","Alibaba Nacos"],"_cs_severities":["high"],"_cs_tags":["ransomware","ai","agentic-ai","vulnerability-exploitation","data-encryption","lateral-movement","persistence"],"_cs_type":"threat","_cs_vendors":["Langflow","Alibaba"],"content_html":"\u003cp\u003eThe threat actor known as JadePuffer has been observed utilizing agentic AI to execute a sophisticated ransomware attack, starting with the exploitation of internet-exposed Langflow instances. This campaign, reported by cloud security firm Sysdig, highlights a critical development in cyber warfare where LLM agents automate complex, multi-stage intrusions by combining known exploitation techniques with real-time reasoning. The initial access vector was CVE-2025-3248 (CVSS 9.8), a critical missing authentication vulnerability in Langflow that was disclosed in April 2026 and flagged by CISA as actively exploited in early May 2026. After gaining arbitrary Python code execution, the LLM-driven attacker systematically conducted reconnaissance, harvested credentials, achieved persistence, and moved laterally to production environments, demonstrating an adaptive attack methodology with minimal direct human intervention.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eInitial Access via Langflow Exploitation\u003c/strong\u003e: JadePuffer exploits CVE-2025-3248, a critical missing authentication vulnerability in an internet-exposed Langflow instance, to gain arbitrary Python code execution on the host.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eLLM-driven Reconnaissance\u003c/strong\u003e: The compromised Langflow instance, controlled by an LLM agent, performs reconnaissance, sweeping the system for sensitive data such as API keys, cloud credentials, cryptocurrency wallets, configuration files, and database credentials.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCredential Harvesting and Persistence\u003c/strong\u003e: The LLM dumps Langflow's PostgreSQL database to extract additional secrets and establishes persistence on the Langflow server by deploying a cron job. It also scans reachable internal network services for further credential extraction.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eLateral Movement to Production Server\u003c/strong\u003e: Utilizing harvested credentials (including root credentials for a MySQL port), the LLM pivots to a production server hosting a MySQL database and an Alibaba Naming and Configuration Service (Nacos) configuration platform.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eNacos Exploitation and Backdoor\u003c/strong\u003e: The LLM targets the Nacos service, exploiting authentication bypass vulnerabilities (e.g., CVE-2021-29441), forging valid JWT tokens using Nacos's known default signing key, and directly injecting a backdoor administrator into the Nacos backing database via root access.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRansomware Deployment and Data Encryption\u003c/strong\u003e: The LLM, after verifying successful access and UDF capabilities, encrypts 1,342 Nacos service configuration items and creates an extortion table containing a ransom demand, payment address, and contact email.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eKey Destruction\u003c/strong\u003e: The randomly generated encryption key is never persisted or transmitted, effectively preventing data recovery for the encrypted Nacos configurations.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThis attack resulted in the encryption of 1,342 critical Alibaba Nacos service configuration items, leading to significant data loss and operational disruption for the victim organization. The threat actor also created an extortion table demanding ransom, with no possibility of data recovery due to the destruction of the encryption key. Beyond the direct damage, this incident demonstrates a worrying trend where agentic AI significantly lowers the barrier for complex malicious operations, allowing attackers to automate multi-stage intrusions with minimal cost and adaptive capabilities, posing an increased threat to exposed application servers and unhardened configuration stores across all sectors.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2025-3248 on all internet-facing Langflow instances immediately to prevent initial access.\u003c/li\u003e\n\u003cli\u003ePatch CVE-2021-29441 and all other known authentication bypass vulnerabilities in Alibaba Nacos deployments.\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rule for suspicious cron job creation (\u003ccode\u003eDetect Suspicious Cron Job Creation from Web Application Process\u003c/code\u003e) to your SIEM.\u003c/li\u003e\n\u003cli\u003eImplement strong authentication for Nacos instances and ensure default JWT signing keys are changed.\u003c/li\u003e\n\u003cli\u003eEnable comprehensive logging for \u003ccode\u003eprocess_creation\u003c/code\u003e on Linux servers to detect unusual parent-child process relationships, especially from web application processes.\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rule for unusual database dump processes (\u003ccode\u003eDetect Database Dump from Non-DBA Web Application Process\u003c/code\u003e) to your SIEM.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-03T11:19:16Z","date_published":"2026-07-03T11:19:16Z","id":"https://feed.craftedsignal.io/briefs/2026-07-agentic-ai-ransomware-langflow/","summary":"Threat actor JadePuffer exploited CVE-2025-3248 in Langflow instances, leveraging agentic LLM capabilities for advanced reconnaissance, lateral movement, and ultimately encrypting data on production servers with ransomware.","title":"Agentic AI Used to Conduct Ransomware Attack via Langflow","url":"https://feed.craftedsignal.io/briefs/2026-07-agentic-ai-ransomware-langflow/"}],"language":"en","title":"CraftedSignal Threat Feed - Data-Encryption","version":"https://jsonfeed.org/version/1.1"}