Recent investigations have revealed that Chinese companies associated with the state-sponsored hacking group known as Silk Typhoon, also referred to as Hafnium, have filed more than 15 technology patents. These patents provide a rare glimpse into the cyber contracting ecosystem and its offensive capabilities.
The patents encompass a range of tools designed for cyber espionage, including:
– Encrypted Endpoint Data Collection: Tools that facilitate the secure gathering of data from endpoint devices, ensuring that the data remains protected during transmission.
– Apple Device Forensics: Technologies aimed at extracting and analyzing data from Apple devices, which could be instrumental in investigations or unauthorized data collection.
– Remote Access to Routers and Smart Home Devices: Systems that enable operators to remotely control routers and various smart home devices, potentially allowing for surveillance or disruption of services.
According to a report by SentinelOne, these patents highlight the sophisticated capabilities of firms linked to Silk Typhoon. Dakota Cary, a China-focused strategic advisor for SentinelLabs, emphasized the importance of understanding not just the cyber campaigns but also the entities behind them. He stated, “Our research demonstrates the strength in identifying not only the individuals behind attacks, but the companies they work for, the capabilities those companies have, and how those capabilities fortify the initiatives of the state entities who contract with these firms.”
This revelation builds upon the U.S. Department of Justice’s indictment in July 2025 of two individuals, Xu Zewei and Zhang Yu. Both are accused of orchestrating widespread exploitation campaigns in 2021 targeting Microsoft Exchange Server using then-zero-day vulnerabilities known as ProxyLogon. These operations were allegedly conducted on behalf of China’s Ministry of State Security (MSS).
Court documents reveal that Zewei was employed by Shanghai Powerock Network Co. Ltd., while Yu worked for Shanghai Firetech Information Science and Technology Company, Ltd. Both companies are believed to have operated under the direction of the Shanghai State Security Bureau (SSSB).
Notably, Shanghai Powerock Network Co. Ltd. deregistered its business on April 7, 2021, shortly after Microsoft attributed the zero-day exploitation activities to China. Following this, Zewei joined Chaitin Tech, another prominent cybersecurity firm, before transitioning to a role as an IT manager at Shanghai GTA Semiconductor Ltd.
Further investigations have identified that Yin Kecheng, another hacker associated with Silk Typhoon, was employed at Shanghai Heiying Information Technology Company, Limited. This firm was established by Zhou Shuai, a known Chinese patriotic hacker and purported data broker.
The relationship between these companies and the MSS appears to be structured and directive. Cary explained, “Shanghai Firetech worked on specific tasking handed down from MSS officers. Shanghai Firetech and co-conspirators earned an ongoing, trusting relationship with the MSS’s premier regional office, the SSSB.”
Delving deeper into the connections between these individuals and their respective companies has uncovered patents filed by Shanghai Firetech and Shanghai Siling Commerce Consulting Center. The latter is a firm jointly founded by Zhang Yu and Yin Wenji, CEO of Shanghai Firetech. These patents focus on technologies designed to collect data from Apple devices, routers, and defensive equipment.
Evidence also suggests that Shanghai Firetech is developing solutions that could facilitate close access operations against targeted individuals. Cary noted, “The variety of tools under the control of Shanghai Firetech exceeds those attributed to Hafnium and Silk Typhoon publicly. The capabilities may have been sold to other regional MSS offices, and thus not attributed to Hafnium, despite being owned by the same corporate structure.”
These findings underscore the intricate web of state-sponsored cyber activities and the pivotal role played by private firms in advancing China’s cyber espionage capabilities. The development and patenting of such tools not only reflect the technical prowess of these companies but also highlight the strategic importance placed on cyber operations by state entities.