Here are the key details on Nefarious Mantis:
Initial access methods: The group gains entry into networks by exploiting vulnerabilities in public-facing VPNs and by conducting malvertising campaigns.
Targeting: Nefarious Mantis has been observed targeting critical infrastructure sectors in the U.S. and Europe, including healthcare, education, technology, and government entities.
Double extortion: Like Rhysida, Nefarious Mantis uses double extortion tactics. It encrypts a victim's data while simultaneously exfiltrating sensitive information to apply more pressure for a ransom payment.
Nefarious Mantis is an alias used to refer to the threat actor group behind Interlock ransomware. The alias "Nefarious Mantis" refers to a recently active cybercrime threat group, also known as Interlock ransomware. Identified in late 2024, this financially motivated group targets critical infrastructure sectors, including healthcare, education, and government entities. Nefarious Mantis is a cybercriminal group affiliated with the Interlock ransomware operation. Identified in September 2024, the group is known for its aggressive targeting of critical infrastructure across North America and Europe, particularly in the healthcare and technology sectors.
Tactics and techniques: Nefarious Mantis operates within the larger Interlock ransomware cluster, which is known for its sophisticated, multi-staged attacks. Its methods include:
Initial access: The group exploits public VPN vulnerabilities and uses malvertising campaigns to gain initial access to target networks.
Malware deployment: Nefarious Mantis leverages the Interlock Remote Access Trojan (RAT) to perform reconnaissance and establish persistence inside victim networks.
Double extortion: After exfiltrating sensitive data, the group deploys ransomware, encrypting victim systems and demanding payment.
Credential theft: The group conducts extensive credential theft during the compromise to aid in lateral movement and privilege escalation.
Connection to other groups: Tactical analysis suggests that Nefarious Mantis may have a connection to the Arcane Mantis group, also known as Rhysida. Overlapping tactics and potential resource sharing point to a relationship between the two entities.