The attackers behind WannaCry used the NSA 0-day Eternal Blue and Double Pulsar exploits first made available earlier this year by a group called the Shadow Brokers. Initially, the malware propagated via spam emails—including fake invoices, job offers, and other traps—which contained a .zip file that initiated the WannaCry infection. Eternal Blue exploits an older flaw in the Server Message Block (SMB) in Microsoft Windows, which can allow remote code execution. This flaw was patched in Microsoft’s March 2017 update cycle, but many organizations had not run the patch or were using unsupported legacy operating systems like XP. Inception: First appeared in March 2017 but spread in May 2017; Attack vector: Eternal Blue Server Message Block (SMB) Exploit Kit
The worldwide Accellion #cyberattacks appear to have originated from the infamous Clop #ransomware gang. https://wbrt.io/2P5E1Ln
Our #BrightCloud Threat Intelligence associated the IP address of the SolarWind's Orion update with a botnet in the summer of last year.
A properly configured security tool using our #threatintelligence data would have blocked comms with the C&C server. https://wbrt.io/3aQsjv7