A Chinese hacking group that has been using tools linked with the National Security Agency might have obtained at least one without breaching NSA systems.

Symantec has evidence that Chinese-linked hackers were using NSA-authored tools at least a year before they were publicly leaked by the Shadow Brokers.

A more sophisticated, stealthier attacker used the same NSA-engineered cyberweapon to infiltrate the IT networks of companies across the world, including at least one publicly traded in the U.S., according to new research.

Hospitals, utilities and telecoms are impacted so far. More than 75,000 detections in 99 countries have been recorded.

"Expect more bloodbath," says one researcher.