The equation group is a mastermind, which is assume to be the main scenario, but there is a possibility that another global crime organization hacked into the server of the equation. Thereafter, they leaked the hacking tools through Japanese data brokers.
If this is the case, it is necessary to understand why they should structure this crime framework, including why they decided to auction them and why they hired these specific data brokers.
In May 2016, there was a crime illegally drawing cash from ATMs at convenience stores in Japan, amounting to $20 million damage. This breach was huge, as the crime took place at 17 prefectures out of 47 totally in Japan within a few hour timeframe. It was calculated as more than 1,000 people involved in its crime. This crime background is quite similar to “shadow brokers”.
Originally, the South African bank was hacked and they stole a cash at ATMs from their banking accounts, as they decrypted the code which this bank employed for a transaction. The basic skill-set was a hacking and decryption. It was highly likely for the global crime organization to hire the Japanese crime infrastructure for its monetization. This background is totally the same as this crime, the auction of NSA hacking tools.
Therefore, there is a possibility that this global organization hacked into the equity group to obtain these hacking tools. However, the equation can also structure the same crime framework, so it does not just mean they were hacked.