Cybersecurity firm Silk Typhoon allegedly obtained a series of patents for malicious digital weapons, according to recent claims.

Chinese espionage agents submitted IP filings akin to tax returns, according to recently unveiled court documents in the US

Cybersecurity firm Silk Typhoon accused of Patenting Aggressive Cyberweapons, Report Claims

In a recent development, a portfolio of patents filed between 2014 and 2020 by two Chinese companies, Shanghai Powerock and Shanghai Huayun Firetech, has been linked to a state-sponsored cyber espionage group known as Silk Typhoon (also known as Hafnium). The patents, uncovered through US Department of Justice indictments and analyzed by SentinelLabs, detail offensive cybersecurity tools that go beyond previously known Hafnium capabilities.

The patents describe utilities for decrypting hard drives, network traffic sniffers, forensic software, and spyware tools designed to remotely recover files from Apple devices, including those encrypted by Apple FileVault. These capabilities (encrypted data extraction from Apple devices, network traffic interception from routers and smart appliances, and spyware and remote access tools that exfiltrate data stealthily) have not previously been documented as being used by Hafnium or related threat actor groups.

The two companies filing these patents are believed to operate under the Shanghai State Security Bureau's direction and have ties to China’s Ministry of State Security (MSS). Indicted individuals Xu Zewei and Zhang Yu managed hacking campaigns for these firms, which are linked to high-profile Hafnium activities such as the 2021 Microsoft Exchange zero-day exploit and the December break-in at the U.S. Treasury Department.

The revelations come from a July 2025 indictment that names two alleged MSS contractors, Xu Zewei and Zhang Yu, for their role in the 2021 Exchange mega-hack. Xu Zewei is alleged to have worked at Shanghai Powerock, while Zhang Yu is alleged to have worked at Shanghai Firetech.

Additionally, Shanghai Heiying Information Technology Company is allegedly connected to Silk Typhoon operatives, specifically Yin Kecheng. Yin, who was arrested earlier this year, is believed to have worked at the company. He co-founded the Shanghai Siling Commerce Consulting Center with Zhang Yu.

The cyber tools tied to Silk Typhoon appear to exceed what's been publicly attributed to the Chinese hacking crew, suggesting possible transfer to other MSS outposts. At least 16 patents for offensive cybersecurity tools were identified by SentinelLabs.

This patent portfolio reveals a more diverse and sophisticated toolkit than has been publicly attributed to Silk Typhoon, underscoring the extensive offensive cyber capabilities that aid Chinese intelligence operations.

Sources:

- The Register, July 31, 2025 [1]
- Infosecurity Magazine, July 30, 2025 [2]
- GBHackers, July 31, 2025 [3]
- Galileo Security, July 30, 2025 [4]
- The Hacker News, July 30, 2025 [5]

  1. The patents filed by Shanghai Powerock and Shanghai Huayun Firetech detail a variety of offensive cybersecurity tools including decrypting hard drives, network traffic sniffers, forensic software, and spyware designed for Apple devices.
  2. The GNU/Linux-based tools developed by Silk Typhoon, including utilities for network traffic interception and data exfiltration, suggest advanced cybersecurity capabilities beyond previously known Hafnium capabilities.
  3. The two companies Shanghai Powerock and Shanghai Huayun Firetech are believed to be under the Shanghai State Security Bureau's direction and are connected to China’s Ministry of State Security (MSS).
  4. The cyber tools tied to Silk Typhoon also appear to exceed what's been publicly attributed to the Chinese hacking crew, indicating possible transfer to other MSS outposts and raising concerns about the extent of their advanced software and mobile tools.
  5. The recent revelations about the patent portfolio of Shanghai Powerock and Shanghai Huayun Firetech have sparked discussions about the role of technology and cybersecurity in politics and general news, as they highlight the increasing sophistication and diversity of China’s intelligence operations.
