Mantis, a threat actor known for its malicious activities, has been employing a sophisticated strategy to disrupt systems. Using a decoy FTP server, Mantis initiates a prompt-injection attack against the LLM agent. This approach essentially turns attacking AIs into prey, thereby multiplying the force of the attack. Despite the presence of defensive systems like the one created by GMU researchers, Mantis's prompt-injection attacks continue to be effective. The defense system, also named Mantis, uses deceptive techniques to emulate targeted services and, when it detects a potential automated attacker, sends back a payload containing a prompt-injection attack; the success of these countermeasures is still under scrutiny.
The Mantis defense system operates autonomously once deployed, orchestrating countermeasures based on the nature of detected interactions. The team behind this system focuses on two types of defensive actions: passive defenses that aim to slow down the attacker and increase the cost of their actions, and active defenses that hack back with the goal of gaining the ability to run commands on the attacker's system. However, as long as prompt-injection attacks remain effective, the threat posed by the Mantis threat actor will persist.
In addition to its direct attacks, Mantis has been linked to several clusters of domains showing signs of connections to TAG-63, otherwise tracked as APT-C-23, Desert Falcons, Arid Viper, or Mantis. This group is perhaps the longest-running Arabic cyber operations group publicly known. Despite efforts from cybersecurity professionals and companies such as Blue Mantis, which has recommended training new cybersecurity professionals, the threat from Mantis remains significant. As a result, firms such as c/side are developing solutions to protect businesses from costly and damaging browser-executed attacks, with funding led by Uncork Capital and participation from Mantis VC, Scribble Ventures, Roar Ventures, and PrimeSet.
Description last updated: 2024-11-21T10:32:38.531Z