A Chinese national accused of participating in a major cyber espionage campaign linked to COVID-19 research has been extradited from Italy to the United States, marking a significant development in an ongoing international cybercrime investigation.
Arrest and Extradition Details
The suspect, Xu Zewei, aged 34, was taken into custody by Italian authorities in July 2025. His arrest was tied to alleged involvement with the state-backed hacking group Silk Typhoon.
U.S. officials claim that between February 2020 and June 2021, he carried out coordinated cyberattacks targeting American institutions, including government agencies and academic organizations.
Targeting COVID-19 Research
Investigators allege that one of the primary objectives of these attacks was to access sensitive research related to COVID-19 vaccines. A university in Texas was among the key targets; unauthorized access there reportedly led to the theft of valuable scientific data.
According to prosecutors, these cyber intrusions were part of a broader effort to obtain critical healthcare research during the global pandemic.
Charges Filed in the United States
The U.S. Department of Justice has charged Xu with multiple offenses, including:
- Wire fraud
- Conspiracy to damage protected computer systems
- Unauthorized access to sensitive data
- Aggravated identity theft
If he is convicted, these charges could result in significant legal consequences under U.S. federal law.
Connection to Chinese Intelligence Operations
Authorities allege that Xu operated under the direction of China’s Ministry of State Security, specifically through its Shanghai State Security Bureau.
He is accused of working alongside another Chinese national, Zhang Yu, who remains at large.
The indictment also links Xu to a private company, Shanghai Powerock Network Co. Ltd., described by U.S. officials as one of several entities allegedly supporting government-backed cyber operations.
Exploitation of Microsoft Exchange Vulnerabilities
The attacks reportedly leveraged previously unknown vulnerabilities in Microsoft Exchange Server. These flaws were exploited to gain unauthorized access to systems and deploy web shells, allowing remote control over compromised networks.
Microsoft had earlier tracked similar activity under the name Hafnium, identifying it as part of a broader cyber espionage campaign.
Defense Claims and Legal Position
Despite the allegations, Xu has denied any involvement in hacking activities linked to the Chinese government. His legal team argues that his arrest was based on mistaken identity.
At the time of his arrest, he was reportedly in Milan on a personal trip with his wife. During a recent court appearance, he pleaded not guilty to all charges.
Ongoing Investigation
While Xu is now in U.S. custody, his alleged accomplice Zhang Yu has not yet been apprehended. Authorities continue to investigate the case as part of a wider effort to combat state-sponsored cyber threats.