← Retour
IA 06 juil.

The ‘first’ AI-run ransomware attack still needed a human

06 juil. · 20 vues

Researchers at cloud security firm Sysdig reported the first known case of "agentic ransomware," an extortion operation called JadePuffer, in which an AI agent handled the technical execution of a cyberattack from start to finish. The agent broke into a vulnerable server, stole credentials, moved through the target's network, encrypted files, and wrote its own ransom note. However, Sysdig's Michael Clark clarified that a human was still involved in setting up and pointing the operation, provisioning the infrastructure, and choosing the victim, and that the credentials used were obtained through a prior compromise. The attack exploited a known bug in Langflow, an open-source tool for building LLM apps, then moved to a production MySQL server and exploited another flaw to gain admin access. The agent encrypted over 1,300 configuration records and left a ransom note with a Bitcoin address. Sysdig noted that while the techniques were ordinary, the speed and transparency were notable, with the agent fixing a failed login in 31 seconds and narrating its reasoning in natural-language code comments. Clark clarified that multiple API keys found for models like OpenAI and Anthropic were part of what the agent stole, not evidence of multiple models powering the attack. Sysdig was unable to identify the specific model driving the agent or its system prompt. The victim of the attack has not been disclosed.

Publicite
Lien copie !