Patents Related to CCP-Backed Silk Typhoon Hackers Reveal Capabilities

A recently unsealed indictment named companies tied to the CCP hackers that hold patents for tools for data collection from Apple computers and data scanning.

Cybersecurity research firm SentinelOne has identified more than 10 patents held by companies that are associated with the Chinese Communist Party (CCP)-backed hacking campaign known as Hafnium, or Silk Typhoon, revealing “highly intrusive forensics and data collection technologies.”

“These technologies offer strong, often previously unreported offensive capabilities, from acquisition of encrypted endpoint data, mobile forensics, to collecting traffic from network devices,” the researchers wrote in a July 30 report.

The report came on the heels of the Justice Department (DOJ) unsealing a 2023 indictment against two hackers with the Chinese Ministry of State Security’s Shanghai State Security Bureau.

The indictment named Xu Zewei and Zhang Yu as part of Silk Typhoon, revealing also the names of companies at which the hackers worked and details about how Chinese state-backed cyber campaigns are structured.

The campaign had been responsible for the 2021 hacks of Microsoft Exchange servers, an attack so pervasive that it prompted the United States, UK, and European Union to issue their first joint statement condemning Chinese state-backed cyber activity, and the U.S. Justice Department to request a court order that would allow the FBI to remove malware from tens of thousands of civilian servers.

SentinelLabs notes that while the group was responsible for the initial Microsoft Exchange breach, Hafnium/Silk Typhoon’s activity was immediately followed by other threat groups that “flooded the zone” with their own exploitation attempts.

Xu was a general manager at Shanghai Powerock Network Co., and Zhang was a director at Shanghai Firetech Information Science and Technology Company.

In January, the DOJ had indicted two other Silk Typhoon hackers, Yin Kecheng and Zhou Shuai, revealing another Chinese tech company associated with the campaign: Shanghai Heiying Information Technology Company.

The researchers found that these companies had patent filings for tools for remote automated evidence collection, router intelligence evidence collection, computer scene rapid evidence collection, defensive equipment reverse production, intelligent home appliances evidence collection and analysis, remote cellphone evidence collection, and others that show offensive cyber capabilities.

These include capabilities that haven’t previously been publicly linked to the Silk Typhoon campaign, such as tools and methods for collecting data from Apple devices.

The researchers offer the possibility that these companies may offer cyber offensive services to multiple CCP offices, which would explain why the capabilities have not been linked to the Silk Typhoon campaign.

The new insight shows the importance of tracking threat actor groups not just by clusters of activity, the researchers said. Unmasking the hackers and their companies not only revealed their capabilities, but shed new light on whether agencies of the Chinese regime were passing on software exploits obtained elsewhere to their contractors.

The researchers point to another Justice Department indictment of Chinese hackers that noted that the Guangdong State Security Department had given malware to its contractors, and raised the possibility that the Shanghai State Security Bureau obtained the exploit that was reported to Microsoft and passed it on to the Silk Typhoon contractors.

The 2024 iSoon leak gave unprecedented visibility into the Chinese regime’s cyber ecosystem, and how it contracts out different levels of foreign cyber operations to different kinds of groups. While the iSoon contractors were low-paid and given less favorable contracts, researchers say the Silk Typhoon group appears to be in the top level of contractors, just below in-house state cyber operatives.