
Chinese companies linked to a state-sponsored hacking group known as Silk Typhoon (aka Hafnium) have been identified as being behind dozens of technology patents, shedding light on the shadowy cyber contracting ecosystem and its attack capabilities.
The patents cover encrypted endpoint data collection, Apple device forensics, and forensics and intrusion tools that allow remote access to routers and smart home devices, SentinelOne said in a new report shared with Hacker News.
“This new insight into the capabilities of companies affiliated with Hafnium highlights the important flaws in the attribution space of threat actors. Threat actor tracing usually links activity campaigns and clusters to the appointed actor.”

“Our research shows not only the individuals behind the attack, but also the companies they work for, the capabilities they have, and how those capabilities enhance the initiatives of state entities that contract with these companies.”
The findings build on the July 2025 U.S. Department of Justice (DOJ) indictment of Xu Zewei and Zhang Yu, who work on behalf of China's Ministry of State Security (MSS).
Court documents alleged that Zewei worked for a company named Shanghai Powerock Network Co. Ltd., while Yu was employed at Shanghai Firetech Information Science and Technology Company, Ltd. Both individuals are said to have operated at the direction of the Shanghai State Security Bureau (SSSB).

Interestingly, Natto Thoughts reported that Powerock registered its business on April 7, 2021, after Microsoft pointed the finger at China for zero-day exploitation activities. Zewei then joined another well-known cybersecurity company, Chaitin Tech, before changing jobs again and beginning work as IT manager for Shanghai GTA Semiconductor Ltd.
At this stage, Yin Kecheng, a hacker tied to Silk Typhoon, is said to be employed at a third Chinese company named Shanghai Heiying Information Technology Company, Limited, founded by Chinese patriotic hacker and data broker Zhou Shuai.
“Shanghai Firetech has worked on a specific tasking that was informed by MSS officers,” explained Cary. “Shanghai Firetech and the co-conspirators have achieved a continuous and trustworthy relationship with SSSB, the top regional office of MSS.”
“The nature of this ‘direction’ of the relationship between SSSB and these two companies outlines the layered system of Chinese aggressive hacking outfits.”

Further investigation into the web of connections between the individuals and their businesses uncovered patents filed by Shanghai Firetech and Shanghai Shilling Commerce Consulting Centre.
There is also evidence to suggest that Shanghai Firetech is involved in developing solutions that allow for close access operations against individuals of interest.
“The various tools under the control of Shanghai Firetech are publicly outweighing those caused by Hafnium and Silk Typhoon,” Cary said. “This ability may be sold to MSS offices in other regions and is not attributable to Hafnium, despite being owned by the same corporate structure.”