The patents, registered by firms named in recent U.S. Department of Justice indictments, detail sophisticated offensive capabilities including encrypted endpoint data acquisition, mobile device forensics, and network traffic interception from routers and smart home appliances. “The variety of tools under the control of Shanghai Firetech exceeds those attributed to Hafnium and Silk Typhoon publicly,” said Dakota Cary, China-focused strategic advisor for SentinelLabs. Patents for “intelligent home appliances analysis platform,” “long-range household computer network intelligentized control software,” and “remote cellphone evidence collection software” could enable sophisticated surveillance of individuals in their homes. The findings stem from July 2025 DOJ indictments of Chinese hackers Xu Zewei and Zhang Yu, who allegedly operated under the direction of China’s Ministry of State Security (MSS) through the Shanghai State Security Bureau. The DOJ indictments reveal a tiered ecosystem of Chinese cyber contractors, with Shanghai Firetech operating at the highest level of trust with intelligence services. Unlike lower-tier firms that sell access opportunistically, Shanghai Firetech worked on specific tasking from MSS officers, indicating an ongoing, trusted relationship with China’s premier intelligence agency. Cybersecurity researchers have uncovered more than 10 patents for highly intrusive forensics and data collection technologies filed by Chinese companies directly linked to state-sponsored hacking operations, according to a new report from SentinelLABS released this week. The technologies represent a significant expansion beyond previously documented capabilities of China’s elite Hafnium threat actor group, also known as Silk Typhoon. Shanghai Firetech maintains a subsidiary in Chongqing that appears larger than its Shanghai headquarters, suggesting broader operations across China’s regional MSS offices. 
The revelations underscore the sophisticated nature of China’s cyber contracting ecosystem and the challenge facing defenders in accurately attributing state-sponsored attacks to their true operators. The absence of these additional capabilities in public Hafnium attribution may reflect either their use in covert operations or the FBI’s strategic decision to reveal only widely recognized activities in the indictments. Xu worked for Shanghai Powerock Network Company while Zhang Yu was employed at Shanghai Firetech Information Science and Technology Company. “Threat actor tracking typically links campaigns and clusters of activity to a named actor,” Cary explained. That campaign prompted the first-ever joint U.S.-U.K.-European Union statement condemning China’s cyber activities. More concerning are recent patent filings suggesting capabilities suited for human intelligence operations. Gurubaran is a co-founder of Cyber Security News and GBHackers On Security.
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 31 Jul 2025 14:15:24 +0000