FortiBleed Credential Theft Fuels Ransomware Attacks and Links Threat Groups

Security researchers have established a direct link between the FortiBleed campaign and two distinct ransomware groups, INC Ransom and Lynx, through an operational security failure that exposed an initial access broker (IAB) group member logged into both ransomware affiliate panels. This FortiBleed campaign, disclosed on June 17, involved intercepting SSL VPN authentication hashes from over 430,000 targeted Fortinet firewalls, cracking them with a 45-GPU cluster, and using the resulting credentials to gain admin-level access and persistence within victim Active Directory environments. While Fortinet introduced PBKDF2 for credential storage in early 2025, many organizations remained vulnerable due to the requirement for admin re-login to apply the change, leaving older SHA-256 with salt hashes susceptible to brute-forcing. SOC Radar's Threat Research Unit (STRU) confirmed admin access on 409 targets and full attack chain execution on 354, linking at least 12 ransomware attacks to FortiBleed victims, including major entities like FoxConn, Samsung, and Oracle. This investigation underscores that FortiBleed is not merely a credential theft operation but a direct feeder into the ransomware economy, significantly escalating the risk for organizations using FortiGate infrastructure.

Severity: Critical

Threat Details and IOCs

Malware: Anubis, Arkei, AryStinger, Chisel, Coathanger, CryptoBandits, CyberStrike Harvester, DarkComet, DarkKomet, DragonForce, EKZ Infostealer, EKZ Stealer, FakeUpdates, fg_sniffer, FGSniffer, FortigateSniffer, FortiGate Sniffer, GentleKiller, Gentlemen, GOLD IONIC, harvest_orig, HavocKiller, HexKiller, HwAudKiller, Incransom, Inc Ransom, INC Ransom, INC Ransomware, Infamous Chisel, Lumma, LummaC2, Lumma Stealer, Lynx, Lynx ransomware, Lynx Ransomware, Neo-reGeorg, OxideHarvest, RainINC, reGeorg, RenEngine, RenEngine Loader, RisePro, SNIFTRAN, SocGholish, Sphinx, TA569, Tarnished Scorpion, ThrottleBlood, Trojan:Win32/CryptoBandits.A, Vidar, Vidar Stealer, Water Anito, Water Lalawag
CVEs: CVE-2018-13379, CVE-2022-42475, CVE-2023-27997, CVE-2023-3519, CVE-2024-21762, CVE-2024-55591, CVE-2025-24472, CVE-2025-59718, CVE-2025-59719, CVE-2026-21643, CVE-2026-24858, CVE-2026-25089, CVE-2026-25815, CVE-2026-35616, CVE-2026-39808, CVE-2026-39813, CVE-2026-50656
Technologies: Citrix Gateway, Citrix Secure Access, Fortinet, Fortinet FortiAnalyzer, Fortinet FortiClient EMS, Fortinet FortiGate, Fortinet FortiManager, Fortinet FortiOS, Fortinet FortiSandbox, Fortinet FortiWeb, Fortinet SSL VPN, Microsoft Entra ID, Microsoft Remote Desktop Web Access, Microsoft SQL Server, Microsoft Windows, Microsoft Windows Active Directory, Microsoft Windows Server, Nextcloud, Oracle MySQL, PostgreSQL, Sophos, Sophos Firewall, Sophos SSL VPN, Synology Network Attached Storage
Threat Actors: BelsenGroup, Clarksome, INC, INCRansomware, Lynx, Storm0494, VanillaTempest, VoltTyphoon
Attacker Countries: Russia, Yemen
Attacker IPs: 167[.]179[.]76[.]111, 175[.]155[.]64[.]221, 185[.]229[.]26[.]83, 193[.]8[.]187[.]2, 193[.]8[.]187[.]26, 193[.]8[.]187[.]42, 194[.]113[.]39[.]71, 198[.]53[.]64[.]194, 199[.]247[.]7[.]82, 213[.]169[.]49[.]142, 38[.]117[.]87[.]37, 38[.]54[.]88[.]203, 38[.]54[.]95[.]226, 38[.]60[.]212[.]97, 45[.]32[.]153[.]218, 45[.]61[.]136[.]7, 77[.]91[.]122[.]13, 83[.]138[.]53[.]110, 85[.]11[.]187[.]28, 85[.]11[.]187[.]8
Attacker Domains: exploit[.]in, lynxblog[.]net, vast[.]ai
Attacker URLs: 85[.]11[.]187[.]8[:]8443, hxxps[://]www[.]hudsonrock[.]com/fortinet, hXXp[:]//lynxblog.net/
Attacker Hashes: 268a8420b791df46380ed9ad69905207e15d8a7c, 2758f4d71a2a2dfdefab81737c2d776b2a3dafe5844fdd2157e089a28447ca98, 2c98c86e6bd6f46cbd6c89d855541b9da91515b1bb986641a77e31c5c6aa2abb, 38353f95fff270f4e3a9d7add8c64666020dd668ce66e15969a736ec48cadc59, 4253dd1a4c0867b0be7732f75b2f630cebfb7fed94270e15fb3b12ae40546d01, 479ae5fd7274439ddfa27bc03298ebfdfc5ff17f6412acccf74d4dbd90d94218, 4d0b62d3162d4be391e3ba1e191dad28e5e5d5b161cfdef60eeb4361a92d8413, 6e65483764d7c25523a5bbef5be99eb42349eef39d5517c46b3a4af262a80ceb, 7f74bb6ba185978134c318bc5f91d23c, 80d83eb01f28c87a61b51f1f83805e63a791905f019bd3b87f10a10f66efab1e, 874bcb1c3d050a5b5b333a2198f504fcb27927c2abdd43b07440188a380c52d5, 9eaa577c8ba71646928c1c34c3145536b0498f65f26060a6ba00744bcef57644, a8b09fd4f7ff2f298b45ca602992f44b3c2ac3746bcdb182c59ab2a20c690954, c02b014d88da4319e9c9f9d1da23a743a61ea88be1a389fd6477044a53813c72
Victim Industries: Aerospace, Agriculture, Architecture, Automotive, Business Services, Cloud Infrastructure, Construction, Consulting Services, Defense, Education, Energy, Financials, Financial Services, Government, Healthcare, Health Care Technology, Hospitality, Industrials, Information Technology, IT and DevOps, IT Services, Legal Services, Logistics, Manufacturing, Media and Entertainment, Multimedia, Oil & Gas, Professional Services, Public Administration, Real Estate, Retail, Technology Hardware, Telecommunications, Transportation, Utilities
Victim Countries: Afghanistan, Albania, Antigua and Barbuda, Argentina, Armenia, Australia, Azerbaijan, Bahamas, Bahrain, Bangladesh, Barbados, Belgium, Belize, Bhutan, Bolivia, Brazil, Brunei, Bulgaria, Cambodia, Canada, Chile, China, Colombia, Cook Islands, Costa Rica, Croatia, Cuba, Cyprus, Czech Republic, Denmark, Dominica, Dominican Republic, Ecuador, El Salvador, Estonia, Fiji, Finland, France, Georgia, Germany, Greece, Grenada, Guatemala, Guyana, Haiti, Honduras, Hong Kong, Hungary, Iceland, India, Indonesia, Iran, Iraq, Ireland, Israel, Italy, Jamaica, Japan, Jordan, Kazakhstan, Kiribati, Kuwait, Kyrgyzstan, Laos, Latvia, Lebanon, Lithuania, Luxembourg, Malaysia, Maldives, Marshall Islands, Mexico, Micronesia, Mongolia, Montenegro, Myanmar, Nauru, Nepal, Netherlands, New Zealand, Nicaragua, North Korea, North Macedonia, Norway, Oman, Pakistan, Palau, Panama, Papua New Guinea, Paraguay, Peru, Philippines, Poland, Portugal, Qatar, Romania, Russia, Saint Kitts and Nevis, Saint Lucia, Saint Vincent and the Grenadines, Samoa, Singapore, Slovakia, Slovenia, Solomon Islands, South Korea, Spain, Sri Lanka, Suriname, Sweden, Syria, Taiwan, Tajikistan, Thailand, Timor-Leste, Tonga, Trinidad and Tobago, Turkey, Turkmenistan, Tuvalu, United Arab Emirates, United Kingdom, United States, Uruguay, Uzbekistan, Vanuatu, Venezuela, Vietnam, Yemen

Mitigation Advice

  • Force all administrators of FortiGate firewalls to log out and then log back in to ensure their password hashes are upgraded to the more secure PBKDF2 algorithm.
  • Immediately rotate all administrator and user credentials used for FortiGate SSL VPN access.
  • Review FortiGate authentication logs for successful logins from unusual IP addresses, multiple failed logins followed by a success, or logins outside of normal business hours.
  • Audit Active Directory for any recently created administrative accounts or unexpected privilege escalations of existing accounts.

Compliance Best Practices

  • Implement and enforce mandatory Multi-Factor Authentication (MFA) for all FortiGate SSL VPN connections.
  • Implement network segmentation to restrict connectivity between the VPN user network segment and critical infrastructure zones, such as those containing Domain Controllers.
  • Establish a formal policy requiring periodic review and enforcement of the principle of least privilege for all user and service accounts within Active Directory.
  • Develop a comprehensive patch management verification process that includes confirming all manual post-patch steps are completed for critical infrastructure like FortiGate firewalls.
Sources

https://arcticwolf.com/resources/blog/active-fortibleed-campaign-impacting-fortinet-devices-across-194-countries/

https://arcticwolf.com/resources/blog/inside-fortibleed-reverse-engineering-the-cyberstrike-harvester-behind-a-global-fortigate-credential-factory/

https://arstechnica.com/security/2026/06/massive-breach-spills-credentials-for-thousands-of-sensitive-networks/

https://buaq.net/go-423854.html

https://buaq.net/go-423913.html

https://buaq.net/go-424227.html

https://buaq.net/go-424228.html

https://buaq.net/go-424465.html

https://buaq.net/go-424940.html

https://cyberpress.org/fortibleed-campaign-fortigate-devices/

https://cyberpress.org/fortibleed-compromises-fortinet-firewalls/

https://cyberpress.org/fortibleed-credential-theft-campaign/

https://cyberpress.org/fortigatesniffer-harvest-credentials-firewalls/

https://doublepulsar.com/an-update-on-fortibleed-whats-happening-with-victim-orgs-c0671a50e7f4?source=rss----8343faddf0ec---4

https://eclypsium.com/blog/fortibleed-you-cant-patch-your-way-out-of-this/

https://gbhackers.com/fortibleed-campaign-linked-to-inc-and-lynx/

https://gbhackers.com/fortibleed-campaign-uses-fortigatesniffer-to-harvest-110-million-credentials/

https://gbhackers.com/fortinet-warns-of-active-fortibleed-credential-theft-attacks/

https://hackread.com/fortibleed-attack-fortinet-firewalls-credentials/

https://hackread.com/fortibleed-credential-theft-in-lynx-ransomware/

https://labs.k7computing.com/index.php/security-advisory-fortibleed-credential-exposure-campaign-targeting-fortinet-firewalls-and-vpn-gateways/

https://meterpreter.org/fortibleed-fortigate-attack/

https://orca.security/resources/blog/fortibleed-credential-theft-vulnerability/

https://osintteam.blog/fortibleed-campaign-insights-understanding-credential-theft-through-internet-exposed-fortigate-5089f70f6a3d?source=rss----2983bc435765---4

https://securereading.com/fortibleed-evolves-430000-fortigate-firewalls-targeted-in-global-credential-harvesting-operation/

https://securityboulevard.com/2026/07/fortibleed-credential-theft-campaign-linked-to-lynx-ransomware/

https://securityonline.info/fortibleed-fortinet-breach/

https://socradar.io/blog/what-is-fortibleed/

https://thehackernews.com/2026/06/cisa-warns-fortinet-customers-as.html

https://thehackernews.com/2026/06/fortibleed-targeted-fortigate-firewalls.html

https://www.bleepingcomputer.com/news/security/cisa-warns-fortinet-users-to-secure-devices-after-fortibleed-leak/

https://www.bleepingcomputer.com/news/security/fortibleed-campaign-used-custom-fortigate-sniffer-to-steal-credentials/

https://www.bleepingcomputer.com/news/security/fortibleed-credential-theft-campaign-linked-to-lynx-ransomware/

https://www.bleepingcomputer.com/news/security/fortibleed-leak-exposes-fortinet-vpn-credentials-for-73-000-devices/

https://www.cisa.gov/news-events/alerts/2026/06/18/cisa-urges-hardening-fortinet-devices-after-reports-credential-exposure

https://www.esecurityplanet.com/threats/fortibleed-turns-fortigate-access-into-enterprise-credential-theft/

https://www.helpnetsecurity.com/2026/06/18/fortinet-fortibleed-data-leak/

https://www.helpnetsecurity.com/2026/06/23/fortibleed-investigation-remediation/

https://www.hendryadrian.com/inside-the-fortibleed-open-directory-a-technical-analysis-of-what-the-attacker-left-behind/

https://www.hendryadrian.com/threat-brief-mitigating-large-scale-credential-attacks/

https://www.hkcert.org/security-bulletin/security-alert-fortibleed-credential-leak-incident-over-70-000-fortinet-devices-suspected-to-be-affected-by-data-and-credential-exposure-hong-kong-organisations-may-be-affected_20260618

https://www.infosecurity-magazine.com/news/ncsc-fortinet-customers-tackle/

https://www.recordedfuture.com/blog/critical-fortibleed-campaign

https://www.scworld.com/news/fortibleed-campaign-steals-110m-credentials-from-fortigate-targets

https://www.securitylab.ru/news/573885.php

https://www.securitylab.ru/news/574106.php

https://www.securityweek.com/fortibleed-86000-fortinet-device-credentials-compromised/

https://www.securityweek.com/fortibleed-campaign-linked-to-inc-lynx-ransomware-attacks/

https://www.securityweek.com/fortinet-responds-to-fortibleed-campaign/

https://www.securityweek.com/russian-initial-access-broker-behind-fortibleed-campaign/

https://www.techzine.eu/news/security/142639/fortibleed-linked-to-ransomware-groups-inc-and-lynx/

https://www.theregister.com/cyber-crime/2026/06/17/massive-password-stealing-attack-hits-75k-fortinet-firewalls/5257877

https://www.theregister.com/security/2026/07/02/ctrlaltoops-fortibleed-criminals-logins-stitch-two-gangs-together/5265912

Microsoft Said Exploitation Was 'Less Likely,' But CISA Just Added SharePoint RCE to KEV List

A remote code execution flaw, identified as CVE-2026-45659, in on-premises Microsoft SharePoint Server has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog following confirmation of active exploitation. This vulnerability, stemming from an insecure deserialization issue, affects SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016, all of which received patches in May. An authenticated attacker with minimum Site Member permissions can exploit this flaw to execute arbitrary code remotely over the network with low attack complexity. Despite Microsoft's initial assessment that real-world exploitation was "Less Likely," CISA's inclusion of the vulnerability in its KEV list underscores the immediate threat. With a CVSS score of 8.8, federal civilian agencies are mandated to apply Microsoft's fixes by July 4 or discontinue the use of affected systems.

Severity: Critical

Threat Details and IOCs

Malware: Djinn Stealer, TaskWeaver, Warlock, Water Manaul, X2anylock
CVEs: CVE-2023-29357, CVE-2025-11371, CVE-2026-12569, CVE-2026-20230, CVE-2026-45659, CVE-2026-48558
Technologies: Cisco Unified Communications Manager, Microsoft Internet Information Services, Microsoft SharePoint, Microsoft Windows, Microsoft Windows Server, NsecSoft NSecKrnl, PTC FlexPLM, PTC Windchill, SimpleHelp
Threat Actors: ClCRI1040, LinenTyphoon, Storm-2603, Storm2603, VioletTyphoon
Attacker Countries: China
Attacker IPs: 5[.]180[.]41[.]35
Attacker Domains: trycloudflare[.]com
Attacker URLs: _layouts/15/ToolPane.aspx?DisplayMode=Edit&a=/ToolPane.aspx
Victim Industries: Aerospace, Automotive, Education, Financial Services, Government, Healthcare, IT Services, Manufacturing, Medical Devices, Public Sector, Retail, Technology Hardware, Telecommunications, Utilities
Victim Countries: United States

Mitigation Advice

  • Immediately apply the May 2026 security updates from Microsoft to all on-premises SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016 instances to patch CVE-2026-45659.
  • Review SharePoint ULS (Unified Logging Service) logs for unusual deserialization errors, exception traces, and authenticated requests to unexpected endpoints which may indicate exploitation attempts.
  • Use your Endpoint Detection and Response (EDR) solution to hunt for suspicious child processes spawned by the SharePoint worker process (`w3wp.exe`), such as `cmd.exe`, `powershell.exe`, or `csc.exe`.
  • Audit all user accounts with "Site Member" permissions on your on-premises SharePoint servers. Disable any unnecessary, dormant, or suspicious accounts immediately.
  • Monitor firewall and network traffic logs for any new or unusual outbound connections originating from your on-premises SharePoint servers to untrusted destinations.

Compliance Best Practices

  • Establish and enforce a formal policy for the principle of least privilege for all SharePoint user accounts. Conduct regular access reviews to ensure users only have the minimum permissions required for their job functions.
  • Implement and enforce multi-factor authentication (MFA) for all user accounts, especially those with access to critical systems like SharePoint, to prevent unauthorized access via compromised credentials.
  • Enhance your vulnerability management program to incorporate threat intelligence from sources like CISA's KEV catalog, prioritizing patching based on active exploitation and asset criticality, not just vendor severity ratings.
  • Develop a network segmentation strategy to isolate on-premises SharePoint servers from general user networks and other critical servers, restricting access to only authorized users and systems on specific ports.
  • Evaluate migrating from on-premises SharePoint to a cloud-based platform like SharePoint Online to reduce the internal burden of patching, maintenance, and infrastructure security.

ModSecurity Security Flaws Enable WAF Rule Evasion with Crafted HTTP Requests

ModSecurity, an open-source web application firewall, contains multiple security vulnerabilities (CVE-2026-52761 and CVE-2026-52747) in versions up to 3.0.15, enabling attackers to bypass detection with specially crafted HTTP requests. The first vulnerability, CVE-2026-52761, is a moderate severity flaw in the `t:utf8toUnicode` transformation function, stemming from incorrect `sizeof()` operator usage on a pointer type (CWE-467). This leads to inconsistent Unicode output on 32-bit i386 systems, allowing security rules to misinterpret malicious payloads and facilitating evasion; mitigation involves upgrading to version 3.0.16 and migrating from i386 systems. The second, more severe vulnerability, CVE-2026-52747, affects the `multipart/form-data` parser in libmodsecurity, where it silently strips embedded line breaks (`\r\n` or `\n`) from non-file form-data fields before WAF inspection, while backend applications process them with line breaks intact. This parser differential allows attackers to craft payloads that evade detection rules dependent on line breaks, such as multi-line injection attacks; remediation requires upgrading to version 3.0.16, reviewing WAF rulesets, implementing backend validation, and conducting regression testing for multipart parsing behaviors.

Severity: Critical

Threat Details and IOCs

CVEs: CVE-2026-52747, CVE-2026-52761
Technologies: Apache HTTP Server, Intel i386, Microsoft Internet Information Services, ModSecurity, NGINX

Mitigation Advice

  • Create an inventory of all web servers running ModSecurity, documenting their current version and the underlying system architecture (32-bit vs. 64-bit).
  • Upgrade all identified instances of ModSecurity to version 3.0.16 or newer.

Compliance Best Practices

  • Develop and execute a plan to migrate any web applications and WAFs currently running on 32-bit (i386) systems to a modern 64-bit architecture.
  • Periodically review and update WAF rules to ensure they are resilient to evasion techniques like the line break stripping described in the article, avoiding sole reliance on patterns that can be easily manipulated.
  • Mandate that all web applications perform server-side input validation, independent of the WAF, to ensure data integrity and security.
  • Integrate security-focused regression tests into the application deployment pipeline to automatically check for inconsistencies in how the WAF and backend applications parse user input.

PamStealer Uses Fake Maccy Sites and PAM Checks to Steal Mac Login Passwords

A new macOS information stealer, dubbed PamStealer by Jamf Threat Labs, is actively targeting users through deceptive tactics. This malware is distributed via fake websites, such as "maccyapp[.]com," which impersonate the legitimate open-source clipboard manager Maccy. The initial infection vector involves a compiled AppleScript (.scpt) file delivered within a disk image. This AppleScript dropper utilizes JavaScript for Automation (JXA) and native Objective-C APIs to download a secondary Rust-based Mach-O infostealer. A notable evasion technique involves instructing users to execute the script via "⌘ + R" or the Script Editor's Run button, which bypasses the `com.apple.quarantine` attribute. The dropper incorporates environment checks, ensuring execution only on Apple Silicon Macs and terminating if run in sandboxed environments or in certain Eastern European locales. Once active, the Rust-based infostealer, masquerading as the Finder app, harvests sensitive data including credentials, browser data, cryptocurrency wallet extensions, iCloud Keychain contents, and clipboard information. A key feature of PamStealer is its use of the macOS Pluggable Authentication Modules (PAM) API to validate the victim's login password locally, repeatedly prompting the user until the correct password is provided before exfiltrating the captured data to attacker-controlled infrastructure like "avenger-sync[.]live." Persistence is established through an arm64 Mach-O impersonating macOS System Settings, creating a fake bundle at `~/Library/Application Support/com.apple.finder.core/Finder.app`. After successful data exfiltration, the malware displays a counterfeit "Maccy is damaged" alert to mislead the victim into discarding the lure.

Severity: High

Threat Details and IOCs

Malware: PamStealer
Technologies: Apple AppleScript, Apple JavaScript for Automation, Apple Keychain, Apple macOS, Maccy, Pluggable Authentication Modules
Attacker Domains: api[.]live-updates[.]online, api[.]sync-master[.]online, avenger-sync[.]live, avngr[.]netlify[.]app, eth[.]drpc[.]org, ethereum-rpc[.]publicnode[.]com, maccyapp[.]com, maccyapp[.]net
Attacker URLs: hxxps[://]avenger-sync[.]live/api/sync, hxxps[:]//api.live-updates.online/v1, hxxps[:]//api.live-updates.online/v2, hxxps[:]//api.sync-master.online/v1, hxxps[:]//api.sync-master.online/v3, hxxps[:]//avenger-sync.live/api/sync, hxxps[:]//avngr.netlify.app/api, hxxps[:]//maccyapp.com
Attacker Hashes: 06fdd1d97df1105c542ddb881d751b659d555b5522c266f6364dae9f350fcfd0, 2b512f6c393edad89a89ecafe26cd23b71cfdd271c10522f8dba98997ebf39bb, 36d46ac7123e0cef04f179d88e590891c7e7c64ec5a77df4512cb485e40286da, 60df952153696d46a09774e44ca602393c6829f9e2c2ec4f95d571f9846242a8, 96c8ad78f6ccdf83d3dcabfd33ba563f7995f7237fe825de1eefd340821abdf3, ab3a14096851cc18a253c1cd1c25df74f2cf23eb29051784ce47f9fc318f0f22, bb01f3c36110d2cc31ae51c4ff2f17be19bea625755b5339680431fab98616df, ca7f5c0668f1a871523d485e42884c3b98910117d7ca17c8b3c3b3744a936e0f, e8b18c420669deb8fc6f69e74146e499057c3c77436ac6ca54af37befa9ddaa5, f48b69e4b7fb4d53de25b4c9be8e8dbe0999c10d5306e01aa08e1761fc3dedbe, ff20b429cb1c89e1cdb6734b00cc8cf021d2d13fd686bbc70709b3dd549285d2
Victim Industries: Cryptocurrency, Technology Hardware

Mitigation Advice

  • Add the domains `maccyapp[.]com` and `avenger-sync[.]live` to the network firewall and web filter blocklists.
  • Use an Endpoint Detection and Response (EDR) tool or script to scan all macOS endpoints for the existence of the persistence directory `~/Library/Application Support/com.apple.finder.core/Finder.app`.
  • Use endpoint security tools to search all macOS devices for recently downloaded or created `.scpt` files, paying special attention to any named `Maccy.scpt`.
  • Send a security bulletin to all employees, especially macOS users, warning them not to download software from unofficial websites. Specifically mention the fake Maccy site `maccyapp[.]com` and instruct them that the only official site is `maccy.app`.

Compliance Best Practices

  • Develop and implement an application control policy for macOS endpoints to prevent the execution of unauthorized applications and scripts from unapproved sources.
  • Configure your Endpoint Detection and Response (EDR) solution to create high-fidelity alerts for suspicious process chains on macOS, such as Script Editor spawning network connections or writing new executables to disk.
  • Restrict the use of macOS scripting tools, such as Script Editor and JavaScript for Automation (JXA), for standard users who do not have a business requirement for them.
  • Incorporate specific training modules on identifying and avoiding lookalike websites and software downloads from untrusted sources into the mandatory annual security awareness program.
  • Prioritize the rollout of phishing-resistant multi-factor authentication (MFA) for all corporate applications and services to reduce the impact of compromised user passwords.

AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack

A large language model (LLM) agent, identified as JADEPUFFER, executed the first fully autonomous ransomware attack, commencing with the exploitation of CVE-2025-3248, an unpatched remote code execution vulnerability in Langflow. This initial breach allowed the agent to run arbitrary Python code without authentication, leading to rapid system mapping and the exfiltration of API keys for AI services, cloud credentials, crypto wallet keys, and database logins, further leveraging a default MinIO login (minioadmin:minioadmin) for expanded access. Persistence was established via a scheduled task beaconing to 45.131.66[.]106. The agent then targeted an internet-facing MySQL database and Alibaba Nacos, compromising Nacos by exploiting CVE-2021-29441 (an authentication bypass) and its default signing key. The ransomware payload encrypted 1,342 Nacos settings, deleted original tables, and left a ransom note demanding Bitcoin to 3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy, but critically, the encryption key was generated and immediately discarded, rendering the data permanently unrecoverable. Evidence of AI involvement included plain-English code comments, rapid self-correction within 31 seconds, and the use of a Bitcoin address commonly found in developer documentation. This incident underscores the escalating automation of cyberattacks, necessitating prompt patching of known vulnerabilities, securing default configurations, implementing robust secret management, and focusing on runtime behavior monitoring to counter sophisticated AI-driven threats.

Severity: Critical

Threat Details and IOCs

Malware: ChocoPoC, JADEPUFFER
CVEs: CVE-2021-29441, CVE-2025-3248
Technologies: Alibaba Cloud, Alibaba Nacos, Amazon Web Services, Docker, Google Cloud Platform, HashiCorp Terraform, Huawei Cloud, Langflow, Linux, Microsoft Entra ID, MinIO, Oracle MySQL, PostgreSQL, Python, Tencent Cloud
Threat Actors: Jadepuffer
Attacker IPs: 45[.]131[.]66[.]106, 64[.]20[.]53[.]230
Attacker Emails: e78393397@proton[.]me
Attacker Domains: proton[.]me
Attacker URLs: hxxp[:]//45.131.66.106:4444/beacon
Victim Industries: Cloud Infrastructure, Cryptocurrency, Gaming, Software, Technology Hardware
Victim Countries: Australia, China, Germany, Mexico, Singapore, United States

Mitigation Advice

  • Block the IP address 45.131.66[.]106 and associated beacon URL at the network perimeter firewall and web proxy.
  • Identify all Langflow instances in the environment and immediately upgrade them to version 1.3.0 or later to remediate CVE-2025-3248.
  • Identify all Alibaba Nacos instances and immediately upgrade them to version 1.4.1 or later to remediate the authentication bypass vulnerability CVE-2021-29441.
  • Scan the network for all MinIO storage servers and immediately change the default 'minioadmin:minioadmin' credentials to a strong, unique password.
  • Review all Nacos instances and immediately replace the default JWT signing key with a unique, securely generated secret value.
  • Perform an immediate external network scan to identify and inventory all internet-facing Langflow, MySQL, and Nacos services for review and remediation.

Compliance Best Practices

  • Implement a centralized secrets management solution, such as HashiCorp Vault or a cloud-native equivalent, and migrate all application secrets, API keys, and database credentials into it.
  • Audit all application-to-database connections and enforce the principle of least privilege by creating dedicated, non-root service accounts with the minimum permissions required for operation.
  • Develop and implement a network segmentation strategy to isolate critical infrastructure, such as production databases, from internet-facing application tiers and general corporate networks.
  • Implement a default-deny egress filtering policy at the network perimeter, allowing outbound connections only to explicitly approved destinations and services required for business operations.
  • Establish a formal vulnerability management program that includes regular, automated scanning of all assets, risk-based prioritization of findings, and defined Service Level Agreements (SLAs) for remediation.
  • Institute a mandatory security review process for all new and existing applications to minimize the internet-facing attack surface, ensuring that administrative interfaces and sensitive services are not publicly exposed.
  • Deploy a Cloud Workload Protection Platform (CWPP) or Endpoint Detection and Response (EDR) solution across all servers to monitor for and alert on anomalous runtime behaviors, such as unexpected processes or network connections.

Authors & Contributors

Brian Sayer (Author)

Threat Intelligence Analyst, F5