Recent investigations have unveiled a startling connection between the notorious state-sponsored hacking group Silk Typhoon, also known as Hafnium, and several Chinese technology companies. A report by SentinelOne reveals these firms have filed over a dozen patents for advanced cyber espionage tools, offering a rare glimpse into China’s state-contracted cyber warfare infrastructure. The patents detail offensive capabilities designed for forensic analysis and intrusion, including tools for collecting encrypted data from endpoints, extracting information from Apple devices, and gaining remote access to routers and smart home devices. Together, the filings fundamentally link corporate innovation with state-backed espionage.
The Indictments Revealing the Ecosystem
This new understanding is built upon a July 2025 U.S. Department of Justice (DoJ) indictment of individuals linked to the massive 2021 Microsoft Exchange Server hack. The indictment named Xu Zewei, an employee of Shanghai Powerock Network Co. Ltd., and Zhang Yu, who worked for Shanghai Firetech Information Science and Technology Company, Ltd. Both men allegedly acted on behalf of China’s Ministry of State Security (MSS) through its Shanghai State Security Bureau (SSSB). The corporate links provide tangible evidence of the “patriotic hacking” ecosystem, further underscored by the fact that Shanghai Powerock dissolved its business shortly after Microsoft publicly attributed the Exchange hack to China.
A Web of Interconnected Firms and Hackers
The network of corporate-backed hacking extends beyond just two individuals. Yin Kecheng, another hacker associated with Silk Typhoon who was indicted in March 2025, was an employee of a third firm, Shanghai Heiying Information Technology Company. According to Dakota Cary, a strategic advisor for SentinelLabs, these companies operate under direct tasking from MSS officers, forming a tiered system of offensive cyber operations. This “directed” relationship illustrates how the Chinese government leverages the technical expertise of the private sector to achieve its strategic intelligence objectives, creating a trusted, ongoing partnership between state security agencies and corporate contractors.
Patented Tools for Espionage
Digging deeper into the corporate connections, researchers uncovered specific patents filed by Shanghai Firetech and Shanghai Siling Commerce Consulting Center, a firm co-founded by indicted hacker Zhang Yu. These patents explicitly cover methods for collecting “evidence” from Apple devices, routers, and other security equipment. The technology described in these filings points to the development of solutions enabling close-access operations against high-value targets. This formal patenting of espionage tools demonstrates a level of institutionalization and long-term development that goes far beyond individual hacking campaigns.
Broader Implications for Cybersecurity
The discovery that Shanghai Firetech and its affiliates possess such a wide array of tools has significant implications for global cybersecurity. As Cary noted, the variety of capabilities developed by these firms likely “exceeds those attributed to Hafnium and Silk Typhoon publicly.” This suggests that their advanced tools may have been sold or distributed to other regional MSS offices or state-backed groups, meaning their impact could be far more widespread than previously understood. This research highlights a critical gap in threat intelligence, emphasizing the need to track not just individual hackers but also the corporate entities that develop, patent, and profit from the tools of digital espionage.