The threat group Arcane Mantis is a financially motivated cybercriminal collective, also known by aliases such as Vice Society and Rhysida, and is associated with ransomware operations. Its activities have been observed since at least 2021.
Arcane Mantis is also known for its connections to other groups, such as the Interlock ransomware gang and its affiliate, Nefarious Mantis. This link was established in 2025 by cybersecurity researchers at PRODAFT, who indicated that Arcane Mantis, Vice Society, and Rhysida all share infrastructure with the Interlock ransomware group. The relationship between these groups suggests potential resource sharing, shared developers, or rebranding over time.
Tactics and techniques: Arcane Mantis's tactics, as observed across its aliases, are characterized by double-extortion ransomware campaigns.
Initial access: Relies heavily on compromised credentials, malware, and exploitation of public-facing vulnerabilities.
Malware distribution: Has used malware loaders, such as Gootloader, to deliver subsequent malicious payloads.
Social engineering: Engages in sophisticated social engineering and spearphishing campaigns to trick employees into divulging sensitive information or executing malicious code.
Double extortion: Exfiltrates sensitive data before encrypting a victim's network. The group then demands payment in exchange for a decryption key and the promise not to leak the stolen data on its dark web sites.
Notable activity and evolution:
Rebranding: The group is believed to have undergone multiple rebrandings to evade law enforcement scrutiny and adapt its strategies.