JADEPUFFER: First Fully Autonomous AI-Driven Ransomware Attack Documented
ID: 099eaf35-c5a6-548c-8bb3-c049d02f83cb
STIX ID: report--099eaf35-c5a6-548c-8bb3-c049d02f83cb
Feed Name: ThreatCluster
Threat Score
Sysdig Threat Research documents JADEPUFFER, the first observed fully autonomous LLM-driven ransomware, which exploited CVE-2025-3248 (Langflow RCE) to harvest credentials, pivot to a production MySQL server (Alibaba Nacos), and encrypt 1,342 configuration items; the operation demonstrated realtime adaptability (e.g., fixing a failed login in 31 seconds) and left encrypted data deemed unrecoverable even if ransom was paid.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
