Private contractors working for China's Silk Typhoon espionage crew have amassed a collection of patents covering offensive cyber tools, according to recent reports.
China's Silk Typhoon Espionage Crew Unveils Advanced Cyber Espionage Capabilities
New research describes a sophisticated suite of cyber espionage tools linked to China's Ministry of State Security (MSS) and the Silk Typhoon espionage crew. The tools were developed by private firms such as Shanghai Powerock and Shanghai Firetech and have been used in operations described in a July 2025 investigation by SentinelLabs and in supporting US indictments.
The capabilities uncovered include:
- Decryption utilities for recovering data from Apple FileVault-encrypted volumes, described as allowing remote recovery of files from protected drives. This extends Silk Typhoon's documented reach to Apple devices, a capability not previously recorded in the tradecraft of Hafnium (Microsoft's earlier name for the group). As with the other patented tools, the filing documents a claimed capability; on its own it does not show that the tool can defeat FileVault on a locked volume without the user's credentials or recovery key.
- Network traffic sniffers that intercept traffic passing through routers and smart appliances, supporting covert surveillance and data collection on targeted networks.
- Forensic software built for intrusive data acquisition from endpoints and mobile devices. These tools are described as collecting data from encrypted endpoints and staging it for bulk exfiltration.
- Spyware for Apple devices, enabling remote investigation of a target machine and recovery of its files. The patented software indicates an expansion into Apple user environments that had not previously been publicly attributed to Hafnium or related groups.
The research further highlights that the Silk Typhoon ecosystem runs on a tiered contracting model: private firms supply bespoke espionage technology under the direction of the Shanghai State Security Bureau, which complicates attribution. The tools support espionage against defense contractors, think tanks, universities, and government agencies, and the patent filings, which are public records, document a sustained and evolving Chinese state-backed capability.
While such tools are dual-use in principle (forensic and decryption software has legitimate investigative uses), there is no evidence of defensive use; all indications point to offensive cyber operations. The Chinese government officially denies involvement in these activities despite technical attribution by multiple cybersecurity agencies and US indictments.
In summary, Silk Typhoon's current toolkit includes decryption utilities, network sniffers, forensic and exfiltration software, and spyware for Apple devices, either in active use or held in patent form by MSS-linked entities. Together they point to a broad and sophisticated Chinese state cyber-espionage apparatus.
[1] SentinelLabs. (2025). Investigation Report: Silk Typhoon Espionage Campaign. [online] Available at: https://www.sentinellabs.com/research/silk-typhoon-espionage-campaign/
[2] Department of Justice. (2025). Indictment: Chinese Ministry of State Security Agents and Contractors Charged in Cyber Espionage Campaign Targeting COVID-19 Research. [online] Available at: https://www.justice.gov/opa/pr/indictment-chinese-ministry-state-security-agents-and-contractors-charged-cyber-espionage
[3] FireEye Mandiant. (2021). APT41: Exposing a Decade of Cyber Espionage. [online] Available at: https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/apt41/apt41-exposing-a-decade-of-cyber-espionage.pdf
[4] Microsoft Threat Intelligence Center. (2021). Hafnium: APT actor targeting Exchange servers. [online] Available at: https://www.microsoft.com/security/blog/2021/03/03/hafnium-apt-actor-targeting-exchange-servers/
Key points:
- Decryption utilities developed by contractors such as Shanghai Powerock and Shanghai Firetech and used by Silk Typhoon are described as allowing remote recovery of files from Apple devices, a significant expansion of the group's capabilities.
- The tools are linked to China's MSS and have been used in operations documented in SentinelLabs' July 2025 investigation and supporting US indictments.
- The ecosystem runs on a tiered contracting model in which private firms supply bespoke espionage technology under the direction of the Shanghai State Security Bureau, which makes ownership and use of the tools hard to trace.
- Network traffic sniffers attributed to the crew can intercept traffic from routers and smart appliances for covert surveillance and data collection.
- Taken together, the toolkit (decryption utilities, sniffers, forensic and exfiltration software, and Apple spyware) reflects a sophisticated state apparatus and underscores the need for strengthened defenses in the sectors it targets: defense contractors, think tanks, universities, and government agencies.