Cyber Point says 'Jian' exploited vulnerability in Windows and was first used no later than 2015, two years before leak of American cyber weapons