A Chinese group known as APT31 … somehow gained access to and used a Windows-hacking tool known as EpMe created by the Equation Group … widely understood to be a part of the NSA. … The Chinese hackers then used that tool … from 2015 until March 2017, when Microsoft patched the vulnerability.
…
APT31 had access to the … privilege escalation exploit … long before the late 2016 and early 2017 Shadow Brokers leaks. … APT31's [version] appears to have been built by someone with hands-on access to the Equation Group's compiled program.
And Kieren McCarthy wonders if this illustrates
It could be that Beijing obtained a copy of Equation Group's EpMe, or observed it being used and recreated it, and used it while the hole in Microsoft's Windows remained unfixed. Or the Chinese could have found the same bug within the OS.