Chinese Firms Behind Silk Typhoon Hold Patents for Hacking Tools

Chinese companies associated with the state-sponsored Hacker group known as Silk Typhoon (also called Hafnium) have registered over a dozen technology patents, according to a recent report. The patents cover cyber tools for encrypted data extraction, investigation of Apple devices, and remote access to connected devices.

The security firm SentinelOne stated that these patents belong to firms connected to Silk Typhoon. A new indictment from the U.S. Department of Justice in July 2025 accuses Xu Zewei and Zhang Yu of conducting a major 2021 cyber campaign that targeted Microsoft Exchange Server vulnerabilities. The pair reportedly worked for Shanghai Powerock Network Co. Ltd. and Shanghai Firetech Information Science and Technology Company, Ltd., under the direction of the Shanghai State Security Bureau, a local branch of China’s Ministry of State Security.

“This new insight into the Hafnium-affiliated firms’ capabilities highlights an important deficiency in the threat actor attribution space: threat actor tracking typically links campaigns and clusters of activity to a named actor,” said Dakota Cary of SentinelLabs. “Our research demonstrates the strength in identifying not only the individuals behind attacks, but the companies they work for, the capabilities those companies have, and how those capabilities fortify the initiatives of the state entities who contract with these firms.”

According to court records, Xu Zewei was affiliated with Shanghai Powerock, while Zhang Yu worked for Shanghai Firetech. U.S. authorities state both worked under state direction to conduct cyber intrusions. SentinelOne and other sources found that after the Microsoft attack was publicly linked to China, Powerock closed its operations, and Zewei later worked for Chaitin Tech and subsequently moved on to Shanghai GTA Semiconductor Ltd.

Further connections show that individuals involved had relationships with other companies, including Shanghai Heiying Information Technology Company, which was linked to hacker Yin Kecheng. The report describes that these companies have an ongoing and trusted relationship with China’s state security offices. “Shanghai Firetech worked on specific tasking handed down from MSS officers,” Cary said, adding that the firms’ role in the Chinese cyber operations is organized in a “tiered” system.

Additional research revealed patents filed by Shanghai Firetech and Shanghai Siling Commerce Consulting Center, covering tools for gathering data from Apple devices, routers, and other electronics. Some evidence suggests Shanghai Firetech also works on solutions for physically accessing individuals’ devices or data.

“The variety of tools under the control of Shanghai Firetech exceeds those attributed to Hafnium and Silk Typhoon publicly,” Cary added. “The capabilities may have been sold to other regional MSS offices, and thus not attributed to Hafnium, despite being owned by the same corporate structure.” More details are available in SentinelOne’s full report and related coverage on Silk Typhoon’s covert operations.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

• Morgan Stanley Warns: US Dollar Could Drop 9% by 2025
• ZA Group Leads $40M in RD Technologies as HK Stablecoin Law Starts
• China Jails Tech Exec for $19.5M Crypto Laundering, Recovers $11M
• Nvidia H20 Orders Soar as US Lifts Chip Export Ban to China
• Samourai Wallet Co-Founders to Plead Guilty in Mixing Case