If you read the "Exploitation and Public Announcements" section of the Cisco publication, it meantions the source was another CVE from a month ago[1].
[0] https://news.ycombinator.com/item?id=12540692
[1] http://blogs.cisco.com/security/shadow-brokers
If you read the "Exploitation and Public Announcements" section of the Cisco publication, it meantions the source was another CVE from a month ago[1].
[0] https://news.ycombinator.com/item?id=12540692
[1] http://blogs.cisco.com/security/shadow-brokers