A hacking/malware tool isn’t as simple as ad or VM. You can’t very well have the malware phone home every so often for password changes and expose additional packets. Ehh or maybe they can if they’ve got all firewalls covered... :) who knows.
Either way their chinglish or whatever you call it was almost too consistent and their topic headings were perfect English. I’m suspicious.
It could all very well be an AP(advanced persistent threat) in the form of malware or Trojan left behind. Working in financial IT, I can tell you that we are under audit almost year round and they LOVE to tell us we have holes all over despite the risk being low.
If the NSA isn’t auditing its own operations, then shame on them.