Chinese state-sponsored hackers linked to the notorious Silk Typhoon group have filed more than ten patents for sophisticated cyber espionage tools, revealing the unprecedented scope of their offensive capabilities.
These patent applications, registered by companies linked to China's Ministry of State Security (MSS), expose a systematic approach to developing highly intrusive forensics and data collection technologies that extend far beyond previously documented attack methods.
The revelations emerged from a comprehensive investigation following the July 2025 Department of Justice indictment of two hackers, Xu Zewei and Zhang Yu, who operated under the direction of the Shanghai State Security Bureau.
The two worked for Shanghai Powerock Network Company and Shanghai Firetech Information Science and Technology Company respectively, companies that have now been directly linked to the Hafnium threat actor group, which Microsoft later rebranded as Silk Typhoon in 2022.
SentinelLABS analysts identified these patent filings as part of a broader investigation into the contracting ecosystem supporting China's cyber operations.
The research uncovered a sophisticated network of companies that develop offensive capabilities ranging from encrypted endpoint data acquisition to mobile forensics and network device traffic collection.
This discovery represents one of the most comprehensive insights into how Chinese state actors systematically develop and patent their hacking methodologies.
The threat group gained international notoriety in 2021 following its exploitation of Microsoft Exchange Server vulnerabilities, notably the ProxyLogon attack chain.
An organization chart of the people and companies known to be associated with Hafnium (Source: SentinelLABS)
The campaign was so damaging that it prompted the first-ever joint condemnation from the United States, United Kingdom, and European Union, fundamentally altering China's approach to cyber diplomacy and leading to coordinated propaganda campaigns that continue today.
Advanced Forensics Arsenal Uncovered
The patent applications reveal a comprehensive suite of forensics tools designed for covert data extraction across multiple platforms and devices.
Shanghai Firetech's filings include "remote automated evidence collection software," "Apple computer comprehensive evidence collection software," and "router intelligent evidence collection software," indicating capabilities that extend well beyond traditional Windows-based targets.
Particularly concerning are patents for "defensive equipment reverse engineering software" and "computer scene rapid evidence collection software," suggesting tools designed to quickly compromise and extract data from secured environments.
Recent filings demonstrate an evolution toward Internet of Things exploitation, with patents covering an "intelligent home appliances analysis platform" and "long-range household computer network intelligentized control software."
The group's capabilities against Apple systems represent a significant development, as founder Yin Wenji demonstrated FileVault encryption bypass techniques as early as 2015.
Patents for "specially designed computer hard drive decryption software" and "remote mobile phone evidence collection software" point to sophisticated mobile device compromise capabilities that have not been publicly attributed to Silk Typhoon operations, suggesting the group's true scope remains largely undetected by current threat intelligence efforts.