Chinese state hackers cloned and started using an NSA zero-day exploit almost three years before the Shadow Brokers leaked it in April 2017. APT31 built their exploit, dubbed Jian, by replicating the functionality of the EpMe exploit stolen from the Equation Group (the NSA’s Tailored Access Operations (TAO) unit). The vulnerability was used for escalating Windows user privileges after attackers gained access to targeted devices. Microsoft patched the vulnerability in March 2017 and attributed active exploitation to the Chinese-backed APT31 hacking group.
Source: https://www.bleepingcomputer.com/news/security/chinese-hackers-used-nsa-exploit-years-before-shadow-brokers-leak/

