Chinese technology companies with documented ties to state-sponsored hacking operations have filed at least 16 patents for sophisticated cybersecurity tools capable of intercepting encrypted data, monitoring network traffic, and conducting digital forensics on compromised devices. The patent filings, spanning from 2014 to 2020, were submitted by Shanghai Powerock and Shanghai Huayun Firetech, companies directly linked to China’s Ministry of State Security and the notorious hacking group Silk Typhoon, according to a recent US Department of Justice indictment.
The patented technologies encompass a comprehensive suite of offensive cyber capabilities, including hard drive decryption tools, network traffic sniffing software, forensic applications, and specialized file recovery systems designed for Apple devices. These tools enable the acquisition of encrypted endpoint data and support mobile device forensics operations, representing what SentinelLABS characterized as “previously unreported offensive capabilities” for data collection and intrusion activities.
Silk Typhoon, also known as Hafnium, operates as a state-backed hacking group that has exploited zero-day vulnerabilities in globally impactful cyberattacks. The group gained particular notoriety for compromising tens of thousands of systems through Microsoft Exchange server vulnerabilities in 2021, with targets including the US Treasury Department and numerous multinational corporations. The patent filings provide unprecedented technical blueprints of offensive cyber capabilities not previously attributed to this sophisticated threat actor. Shanghai Powerock was deregistered in 2021 following its exposure in the Microsoft Exchange campaign.
The revelations emerge amid China’s stated commitment to strengthening intellectual property protections through its National Intellectual Property Administration (CNIPA) work plans, which emphasize blocking malicious patent filings and enhancing penalties for dishonest IP behaviors. These administrative reforms aim to create a first-class, law-based intellectual property business environment by 2025, particularly in high-technology sectors. CNIPA has implemented evidence regulations for trademark enforcement while promoting cross-departmental collaboration to enhance patent protection mechanisms.
Chinese state actors, including APT 41 and Silk Typhoon, have been implicated in extensive intellectual property theft campaigns targeting manufacturing, energy, pharmaceutical, and technology sectors worldwide. The FBI has identified China as the world’s largest and most persistent hacking threat, and the intellectual property stolen from approximately 30 multinational firms is estimated in the trillions.
These groups deploy sophisticated tools including digitally signed rootkits and multi-stage infection chains to maintain persistent access to compromised networks.