Hafnium Tied to Superior Chinese language Surveillance Instruments

A brand new report has uncovered over a dozen patents linked to corporations supporting China’s cyber-espionage operations, revealing capabilities beforehand unreported in public risk intelligence. 

These applied sciences, registered by corporations recognized in current US indictments, are tied to the superior persistent risk group often called Hafnium, additionally tracked as Silk Typhoon by Microsoft.

The findings comply with the July 2025 indictment of two Chinese nationals, Xu Zewei and Zhang Yu, who had been accused of hacking on behalf of the Ministry of State Safety (MSS). Xu and Zhang labored for corporations not beforehand related publicly with Hafnium: Shanghai Powerock and Shanghai Firetech, respectively. 

Each corporations, based on the Division of Justice, operated beneath the course of the Shanghai State Safety Bureau (SSSB).

Forensics Patents and Organizational Ties

SentinelLabs’ analysis recognized not less than 10 patents linked to Shanghai Firetech that show offensive cyber capabilities. These embody instruments to extract encrypted knowledge from Apple gadgets, intercept site visitors from routers and good home equipment and get better information from protected drives.

The investigation additionally sheds gentle on how these corporations keep long-term relationships with Chinese language intelligence companies. Zhang Yu, as an illustration, oversaw coordinated hacking operations and beforehand co-founded a cellular app firm tied to his future enterprise associate at Shanghai Firetech.

Read more on Chinese cyber-espionage operations: Prolonged Chinese Cyber Espionage Campaign Targets VMware Appliances

The Hafnium Cluster Expands

The July indictment expanded the recognized Hafnium ecosystem to not less than 4 people and three corporations.

Earlier in 2025, two others, Yin Kecheng and Zhou Shuai, were sanctioned and indicted in separate circumstances tied to the identical exercise cluster. Zhou, also called Coldface, served as a dealer for Yin’s work by the agency iSoon, whose inner paperwork had been leaked on-line in 2024.

Although Microsoft renamed the group Silk Hurricane in 2022, the DOJ nonetheless connects these operations to Hafnium’s most notorious marketing campaign: the 2021 exploitation of Microsoft Exchange Server vulnerabilities. That breach prompted a uncommon joint assertion from the US, UK and EU condemning China’s cyber actions.

Patents Counsel Broader Offensive Attain

Latest filings by Shanghai Firetech describe instruments similar to:

• Distant cellphone forensics software program

• Router site visitors assortment platforms

• Good equipment evaluation instruments

• Arduous drive decryption utilities

• Community management software program for dwelling programs

These filings counsel that the corporate could assist close-access operations past these publicly attributed to Hafnium. Notably, a number of the patented instruments have by no means been seen in use, leaving open the chance that they had been developed for labeled operations or provided to regional MSS places of work exterior Shanghai.