The most powerful 'cyber weapons' generally belonged exclusively to intelligence agencies, especially in countries like the United States, Britain, Russia, China, North Korea or even Iran.
These agencies has units that does nothing but specifically look for vulnerabilities in software developed by the private sector that are being used and employed worldwide by both governments and private sectors alike. Using the vulnerabilities discovered, these agencies would conduct spying and other intelligence gathering efforts against governments or organisations that are not friendly to them or which they wants to undermine.
In the US, this is a domain that is largely dominated by the National Security Agency (NSA). And the NSA has a term for all such vulnerabilities discovered by them in secrecy. The term used is 'NOBUS' stand for 'nobody but us'.
Unfortunately for every action, there is always a counteraction. You have the Julian Assange of Wikileaks, the Edward Snowden and those hacker groups who will hack into these intelligence agencies and released these exploits to the general public. Once these vulnerabilities are released 'into the wild', it will be a free for all.
That was how EternalBlue, an exploit developed by the NSA and the root cause for the WannaCry and NotPetya attack was discovered. A hacker group, Shadow Brokers hacked and stole the code from the NSA and released it into the public domain.