Just to clarify, I really am frazzled, but just to clarify, what I've gathered*:
Part 1: Emails given titles specific to large organisations, containing attachments containing an Office JavaScript zero-day.
Part 2: SMB exploit for propagation and faked authentication.
Part 3: WannaCry Encryptor.
Part 3 is off the shelf.
Part 2 is now public knowledge, but was patched by MS a few days before it was leaked. There are unpatched systems out there, and questions will be asked.
Part 1: If it wasn't a zero-day, it would be caught by local/organisational AV/security.
Conclusion:
Part 1 is the interesting bit. Zero-days are rare as hen's teeth. Very, very expensive and potentially powerful. That, in combination with the apparently targeted nature of the emails... unlikely to be regular groups.
*First guy I spoke to about this turned out to be an ex-Lulzsec Brit, LOL. He was sickened. Note I didn't hear about the Office zero-day from him, but he did say that Parts 2 and 3 were being sold as a package, and showed me the tweet about the email titles.