Overview

• SentinelLabs' new research uncovers over a dozen offensive cyber espionage patents filed by front firms including Shanghai Powerock and Shanghai Firetech.
• The patents describe capabilities ranging from encrypted endpoint data harvesting and Apple device forensics to remote intrusion of routers and smart home devices.
• In July, U.S. indictments accused Xu Zewei and Zhang Yu of directing the 2021 ProxyLogon Exchange breaches for the MSS and named Shanghai Heiying Information Technology among their corporate fronts.
• Evidence shows these firms operated under the Shanghai State Security Bureau’s direction, reflecting a tiered structure of state-sponsored hacking contractors.
• Experts warn that the scope of patented tooling indicates distribution of capabilities across regional MSS offices, complicating attribution as Beijing denies involvement.