SafeBreach Expands Hacker's Playbook: New Ransomware, Trojan Threats Target macOS and Global Cybersecurity
November 23, 2024
SafeBreach has significantly updated its Hacker's Playbook, adding new attack scenarios to enhance security validation for its customers.
Among the new additions are attack samples related to the NotLockBit ransomware, which has raised concerns about the security of macOS systems.
SentinelOne recently identified the macOS.NotLockBit ransomware, challenging the notion that macOS is largely immune to such threats.
This ransomware, written in Go, specifically targets Intel and Apple silicon Macs, using Rosetta emulation to execute its payload.
NotLockBit attempts to exfiltrate data to an AWS S3 server before encrypting files, leaving a ransom note in a README.txt file.
In addition to NotLockBit, SafeBreach's offerings now include attack scenarios for the MDeployer loader and Embargo ransomware.
MDeployer is known for decrypting previously encrypted files and executing the Embargo ransomware, which appends a random extension to encrypted files.
ESET has discovered the Embargo ransomware, which utilizes a toolkit that includes MDeployer and an EDR killer tool.
Additional threats covered in the Hacker's Playbook include the HustleCon Trojan and the Vaccinerende Trojan, both of which are distributed through phishing tactics.
A joint advisory from the FBI, U.S. Department of Treasury, and Israel National Cyber Directorate has highlighted operations by the Iranian threat group Emennet Pasargad, known for cyberattacks and data harvesting.
This group was implicated in a cyberattack during the 2024 Olympic Games, aiming to discredit Israeli athletes through disinformation.
SafeBreach has also added attack scenarios for the BD.EXE RAT and FIRST.EXE Trojan associated with Emennet Pasargad to its offerings.
Summary based on 1 source
Source
Security Boulevard • Nov 22, 2024
NotLockBit Ransomware, Embargo Ransomware, Emennet Pasargad, and More: Hacker’s Playbook Threat Coverage Round-up: November 2024