Welcome to the weekly highlights and analysis of the blueteamsec subreddit (and my wider reading).

Operationally this week the big thing was the cyber attack in Iran against the steelworks due to sanction busting. The quality of the operations execution (i.e. they broke into the ICS systems) and then the subtle messaging (i.e. they point out how they kept the people safe) indicates this is likely a sophisticated threat actor doing some 💪. Interesting that a likely state based actor wants to portray this as the capability of a group of unknown heritage. This is the same group that previously disrupted payments in Iran, among other operations.