Wannacry related interim timeline

Let me share a timeline I constructed regarding Wannacry during the last days. The interesting point I shared with some colleagues was that the patient zero (o patients) infection vector is not referenced or described as of now yet.

15th February 2017 Microsoft cancels its monthly patching for that month

9th March 2017 Wikileaks press release regarding Vault7, “the largest-ever publication of confidential documents on the agency” according to Wikileaks.
https://steemit.com/wikileaks/@ausbitbank/wikileaks-vault-7-march-9th-press-conference-transcript

14th March 2017 Microsoft publish security update MS17-010 for SMB Server
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

14th April 2017 (according to https://www.wired.co.uk/article/nsa-hacking-tools-stolen-hackers) Equation Group (see https://en.wikipedia.org/wiki/Equation_Group) releases some exploits, EternalBlue among them. EternalBlue took advantage of the vulnerability that Microsoft patch MS17-010 fiexed.
https://github.com/misterch0c/shadowbroker/

14th April 2017 Microsoft publish their triage analysis on the exploits
https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-and-evaluating-risk/

15th April 2017 Security companies analyse exploits. One example of the anaylisis of EternalBlue is the following:
https://www.trustedsec.com/blog/equation-group-dump-analysis-full-rce-win7-fully-patched-cobalt-strike/

15th April 2017 Some news sites start to wonder how come that the patch existed before the release e.g. https://arstechnica.com/security/2017/04/purported-shadow-brokers-0days-were-in-fact-killed-by-mysterious-patch/

12th May 2017 WannaCry appears in the wild
https://en.wikipedia.org/wiki/WannaCry_cyber_attack

Some sources mention that the infection vector was a phishing email
https://www.heise.de/newsticker/meldung/WannaCry-Was-wir-bisher-ueber-die-Ransomware-Attacke-wissen-3713502.html
http://www.wired.co.uk/article/wanna-decryptor-ransomware
https://www.cylance.com/en_us/blog/cylance-vs-wannacry-wanacrypt0r-2-0.html

However, no analysis yet of that mentioned phishing email, its attachment and its modus operandi in general.

Update 1: Response and proposals from Microsoft

Rocky days

This is a Security Bloggers Network syndicated blog post authored by itsecuriteer. Read the original post at: Security and risk