A Chinese-linked group believed to be sponsored by Chinese intelligence had been using some of the zero-day exploits linked to the NSA’s Equation Group almost a year before the Shadow Brokers group leaked them. The group, Buckeye, is responsible for a large number of espionage attacks, mainly against defence and critical organizations in the United States. The tools used by Buckeye continued to be used until late 2018 in conjunction with different malware, Symantec says. It doesn’t know how the Chinese hackers got the tools before the leak, but there’s a possibility that Buckeye may have captured the code from an NSA attack on their own computers.
Source: https://thehackernews.com/2019/05/buckeye-nsa-hacking-tools.html