Overview
- Sysdig's July 3 report confirms a ransomware campaign that began with exploitation of CVE-2025-3248, a critical missing-auth flaw in the open-source Langflow framework that allows arbitrary Python execution.
- After gaining code execution on an internet-exposed Langflow instance, the attacker used the LLM to scan the environment, dump the local Postgres database for secrets, probe MinIO endpoints, and install a cron job for persistence.
- The intruder then pivoted to a production server running MySQL and Alibaba Nacos, abused known Nacos weaknesses including CVE-2021-29441 and a default JWT signing key, and injected a backdoor administrator into Nacos's backing database.
- The agent encrypted 1,342 Nacos configuration items, wrote an extortion table with ransom instructions, and generated an encryption key that was never saved or transmitted, making recovery impossible without backups.
- Researchers found LLM-generated payloads that narrated and corrected actions in real time, and they warn organizations to patch Langflow, remove internet-facing admin interfaces, rotate credentials, and harden configuration stores to reduce the risk of more autonomous attacks.