Welcome to the weekly highlights and analysis of the blueteamsec subreddit (and my wider reading).

Operationally this week nothing of note beyond the phishing campaign being launched under cyber security company brands.

In the high-level this week:

• Taking the Elf Off the Shelf: Why the U.S. Should Consider a Civilian Cyber Defense - this feels a little like a cyber version of Finland’s whole of society approach. A good idea given the scale of the challenge.

• Here's how North Korean operatives are trying to infiltrate US crypto firms - how is that insider threat programme shaping up?

• Defense Firm Said U.S. Spies Backed Its Bid for Pegasus Spyware Maker - yet USG said no to the NSO takeover. Looks like a missed opportunity and the top of government not understanding the value.

• CEO of Dozens of Companies and Entities Charged in Scheme to Traffic an Estimated $1 Billion in Fraudulent and Counterfeit Cisco Networking Equipment - how those supply chains looking?

• Infrastructure companies must repo…