I guess Kaspersky is not in NSA's pocket (yet).
"However, if the attacker was indeed the NSA, then it could've also gotten it for free from "cyber threat sharing" programs, where companies give the NSA access to their vulnerabilities months before patches are ready or before anyone else knows the bugs even exist. Such programs are supposed to give the NSA advance notice to secure its networks, but they can also be used for offensive purposes before the vulnerabilities are patched by the companies."
I, for one, find this so-called "sharing" program rather disturbing; for starters, the NSA doesn't really give anything in return, so it's not really sharing. Then, one can be certain they can and WILL use these vulnerabilities for nefarious purposes. The logic behind this program is shady, at best.