How is that possible? Well, once a threat is detected and identified, it becomes public domain. Attackers are able to acquire and reverse engineer the code to figure out what makes the attack tick, and then re-purpose those techniques for their own exploits. The original cyber-espionage threat may not be intended for the general population, but once it's discovered the innovative exploits used become fair game for any attacker.
Howard Schmidt, former White House cybersecurity coordinator, paraphrased Sun Tzu in a panel discussion at the Kaspersky event. He said there are three rules to remember if you choose to use fire in battle: 1) Make sure the wind isn't in your face. 2) If it is, make sure you don't have anything that will catch fire. 3) If you do, make sure the things that will burn are not important.
A cyber-espionage stike is like using fire in battle. It's a risky proposition because it's difficult to control once it's released, and there are no guarantees that it won't be discovered and used against the original developer, or spiral out of control and result in a much broader impact than intended.
Defending against these threats is obviously easier said than done. When these cyber espionage attacks are discovered, researchers find that the threats have actually been active in the wild for three, five, or even 10 years. It's a fair and valid question to ask why they were never detected by standard security measures in place at most businesses and government agencies, or how they were able to operate undetected for years.