Welcome to the weekly highlights and analysis of the blueteamsec subreddit (and my wider reading). Not everything makes it in, but the best bits do.

Operationally this week there was only one thing on everyone’s lips and that was 3CX, the intrusion suspected of being North Korea into a VoIP software provider leading to an event reminiscent of SolarWinds (see the reporting below). Beyond this some DDoS overspill from Russia/Ukraine, ransomware and then you will see that is all just hyper busy.

In the high-level this week:

• Ukraine War Shows Difficulty of Large-Scale Cyberattacks, NSA Director Says

• Getting Ahead of the Ransomware Epidemic: CISA’s Pre-Ransomware Notifications Help Organizations Stop Attacks Before Damage Occurs

• Russia Supplies Iran With Cyber Weapons as Military Cooperation Grows - Russia’s PROTEI Ltd has begun providing internet-censorship software to Iranian mobile-services provider Ariantel

• Government response to commercial spyware

  • Executive Order on Prohibition on Use by …