INSPECTING ARCHIVED INTELLIGENCE (OUTDATED VERSION).

Agentic Ransomware Operation Details JADEPUFFER

2026-07-02 10:22 | CRITICAL | HIGH
Executive Summary AI-generated
JADEPUFFER is a ransomware operation described as agentic: a large language model planned and executed the intrusion rather than a human operator driving each step. The actor exploited CVE-2025-3248, an unauthenticated code-injection flaw in Langflow, to gain execution on production servers, and CVE-2021-29441, an authentication bypass in Nacos, to reach the Nacos configuration store. Configuration items were encrypted in place with MySQL's AES_ENCRYPT, and Bitcoin addresses were left in their place as ransom notes. The operation hit 17 organizations with demands of $500,000. Using an LLM to plan and carry out the attack end to end marks a shift in cybercrime tradecraft: the tempo and adaptability of such an operation shorten the window in which manually driven defensive tooling can respond.
Technical Mitigations AI-generated
* Patch the two exploited products: Langflow 1.3.0 or later closes CVE-2025-3248 (the /api/v1/validate/code endpoint executed submitted Python without authentication), and Nacos 1.4.1 or later closes CVE-2021-29441 (requests carrying a Nacos-Server User-Agent bypassed authentication). Enable Nacos authentication (nacos.core.auth.enabled=true) and replace its default credentials, since older releases ship with authentication off.
* Keep Langflow and Nacos off the internet. Both are internal tooling; restrict their HTTP ports to a VPN or an address allowlist in the cloud security group on every provider in use.
* Treat the Langflow host as a pivot point. Its Postgres password and any service credentials in its configuration should be unique, least-privileged and rotated after any exposure, and the database account Nacos uses should be confined to its own schema so that code execution on Langflow does not hand an attacker write access to the config_info table.
* Monitor for the exploitation patterns rather than generic "suspicious activity": POST requests to /api/v1/validate/code, Nacos requests with a Nacos-Server User-Agent from anything other than a known Nacos node, and UPDATE statements against config_info that call AES_ENCRYPT or write Bitcoin addresses into configuration content. Ship Langflow, Nacos and MySQL logs to a central system where such rules can alert in near real time.
* Back up Nacos configuration out of band and test the restore. Configuration items encrypted in place, as in this operation, are recoverable from an export without paying.
* Enforce strong, unique passwords and multi-factor authentication on every administrative interface reachable from the affected hosts, including cloud consoles.
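Detection logic for the two exploitation patterns named above, as an added example (not Sysdig's or the page's own code). It assumes a combined-format HTTP access log with the User-Agent as the final quoted field; the sample lines are constructed for the example. A POST to Langflow's /api/v1/validate/code endpoint is the CVE-2025-3248 pattern (an HTTP 200 means the server accepted the payload), and a Nacos request carrying the Nacos-Server User-Agent is the CVE-2021-29441 bypass, with writes such as user creation rated above reads.

```python
"""Flag access-log requests matching the exploitation patterns behind the
two CVEs on this page.  Added example, not Sysdig's or the page's own code.

  CVE-2025-3248  Langflow < 1.3.0: a POST to /api/v1/validate/code gets the
                 server to execute attacker-supplied Python, so any POST to
                 that endpoint is worth a look; HTTP 200 means it was accepted.
  CVE-2021-29441 Nacos < 1.4.1: requests whose User-Agent starts with
                 "Nacos-Server" are treated as a trusted peer and skip
                 authentication, so that header from anything other than a
                 known Nacos node is a bypass attempt.

Assumed log format: combined log format with the User-Agent as the last
quoted field.  SAMPLE_LOG below is constructed (RFC 5737 addresses).
"""
import re
from dataclasses import dataclass

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

LANGFLOW_CODE_ENDPOINT = "/api/v1/validate/code"   # CVE-2025-3248
NACOS_PEER_UA = "Nacos-Server"                     # CVE-2021-29441
WRITE_METHODS = {"POST", "PUT", "DELETE"}


@dataclass(frozen=True)
class Finding:
    cve: str
    ip: str
    ts: str
    severity: str
    detail: str


def parse(line):
    """Return the log fields as a dict, or None if the line does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def inspect(line):
    """Return a Finding for one log line, or None if nothing matches."""
    rec = parse(line)
    if rec is None:
        return None
    path = rec["path"].split("?", 1)[0]          # drop the query string
    status = int(rec["status"])

    # Langflow: the vulnerable endpoint executes the posted code. A 200 means
    # it ran; anything else (401/403 after patching, 5xx) is still a probe.
    if rec["method"] == "POST" and path.rstrip("/").endswith(LANGFLOW_CODE_ENDPOINT):
        severity = "high" if status == 200 else "medium"
        return Finding("CVE-2025-3248", rec["ip"], rec["ts"], severity,
                       f"POST to Langflow code-validation endpoint (HTTP {status})")

    # Nacos: the spoofed peer User-Agent bypasses auth on any /nacos/ route;
    # writes (user creation, config changes) matter more than reads.
    if path.startswith("/nacos/") and rec["ua"].startswith(NACOS_PEER_UA):
        severity = "high" if rec["method"] in WRITE_METHODS else "medium"
        return Finding("CVE-2021-29441", rec["ip"], rec["ts"], severity,
                       f"{rec['method']} {path} with spoofed {NACOS_PEER_UA} "
                       f"User-Agent (HTTP {status})")
    return None


def scan(lines):
    """Run inspect() over an iterable of log lines and keep the hits."""
    return [f for f in (inspect(line) for line in lines) if f is not None]


def suspect_ips(findings):
    """Distinct source addresses across all findings, sorted."""
    return sorted({f.ip for f in findings})


# Constructed sample log, not real traffic.
SAMPLE_LOG = [
    '203.0.113.10 - - [02/Jul/2026:10:22:01 +0000] "POST /api/v1/validate/code HTTP/1.1" 200 512 "-" "python-requests/2.32.3"',
    '198.51.100.7 - - [02/Jul/2026:10:22:05 +0000] "POST /nacos/v1/auth/users?username=ops&password=ops HTTP/1.1" 200 10 "-" "Nacos-Server"',
    '192.0.2.25 - - [02/Jul/2026:10:22:09 +0000] "GET /api/v1/flows/ HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [02/Jul/2026:10:22:12 +0000] "GET /nacos/v1/cs/configs?dataId=app&group=DEFAULT_GROUP HTTP/1.1" 200 88 "-" "Nacos-Server"',
    '203.0.113.10 - - [02/Jul/2026:10:22:40 +0000] "POST /api/v1/validate/code HTTP/1.1" 401 27 "-" "python-requests/2.32.3"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.ts}  {f.ip:<14} {f.cve}  [{f.severity}]  {f.detail}")
```

Run against a real log, the Nacos rule needs an allowlist of your own Nacos node addresses, since legitimate cluster peers send the same User-Agent; the Langflow rule needs no such exception because nothing legitimate should hit that endpoint from outside the application.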
Technical Observables
Intelligence Metadata
Actors / Malware / CVEs / Campaigns
CVE-2025-3248 (Langflow: unauthenticated code injection via the /api/v1/validate/code endpoint; fixed in 1.3.0)
CVE-2021-29441 (Nacos: authentication bypass for requests with a Nacos-Server User-Agent; fixed in 1.4.1)
Target & Sectors
CN (China)
Incident Timeline
May 2025
CVE-2025-3248 was fixed in Langflow 1.3.0 and added to CISA's Known Exploited Vulnerabilities catalog in May 2025, but many exposed servers had still not been updated.
infrastructure Langflow 1.3.0 (fixed version)
technique T1588.006 - Obtain Capabilities: Vulnerabilities
August 2025
Researchers at ESET discovered and publicly disclosed PromptLock, the first documented agentic ransomware sample, which called a local LLM at runtime to generate its attack logic; NYU researchers subsequently identified it as their "Ransomware 3.0" research prototype rather than a criminal deployment.
tactic Ransomware
organisation ESET
organisation NYU
research Ransomware 3.0
November 2025
Anthropic reported in November 2025 that a China state-linked espionage group had used its Claude model to carry out a largely automated cyberattack campaign.
source_region China
July 2026
JADEPUFFER, the first documented agentic ransomware operation run against production systems, reported by the Sysdig Threat Research Team: an LLM-driven actor exploited CVE-2025-3248 in Langflow, reached Nacos configuration stores, encrypted configuration items with MySQL's AES_ENCRYPT and left Bitcoin addresses as ransom notes.
victims 17 organizations
financial $500,000 demands
organisation Sysdig (Threat Research Team)
organisation Langflow
organisation Nacos
organisation NVD
organisation Keeper Security
organisation Black Duck
organisation Alibaba and Tencent
organisation AWS
organisation Google
person Shane Barney (Keeper Security)
person Ronallo (Black Duck)
technology LLM
technology Langflow's Postgres
technology MySQL's AES_ENCRYPT
technology AES-256
Tactical Metrics
Category        Value           Unit / Note
victims         17              organizations
financial       500,000         ransom demands (USD)
infrastructure  1.3.0           Langflow version that fixed CVE-2025-3248
research        Ransomware 3.0  NYU name for the PromptLock prototype