Chinese citizens were arrested in Milan, Italy for ties with a state-sponsored hacking group known as the Silk Typhoon and for carrying out cyberattacks on American organizations and government agencies.
Xu Zewei, 33, was charged with nine wire fraud and conspiracy damage by committing unauthorized access to a protected computer and aggravated identity theft, causing nine wire fraud and conspiracy to obtain information. Details of the arrest were first reported by Italian media.
XU is said to have been involved in a US computer invasion between February 2020 and June 2021. This includes mass attacks that leveraged the zero-day flaws of the time on Microsoft Exchange Server, a cluster of activities designed by Windows Maker, designed by Windows Maker, designed as Hafnium.
The suspect is also accused of participating in China’s spying efforts during the Covid-19 pandemic, seeking access to vaccine research at various universities in the United States, including the University of Texas.
Xu, along with the co-defendant and China’s national Zhang Yu, is believed to have embarked on the attack based on instructions given by the State Department (MSS) Shanghai State Security Bureau (SSSB).
“Since late 2020, Xu and his co-conspirators have exploited certain vulnerabilities in Microsoft Exchange Server, which is widely used to send, receive and store email messages,” the Department of Justice said. “The exploitation of Microsoft Exchange Server is at the forefront of a massive campaign targeting thousands of computers around the world, and is said to be publicly known as “Hafnium.” ”
The Silk Tie-One, which overlaps with UNC5221, is known for using zero-day vulnerabilities to successfully compromise technology companies in supply chain attacks. The group has targeted more than 60,000 US entities to steal sensitive information through the Hafnium campaign, and is said to have committed more than 12,700 casualties.
The Justice Department also claims that Zewei worked for a company named Shanghai Powerrock Network Co. Ltd., lending further credit to other reports that China is leveraging numerous contractors and private companies to launch state-sponsored spying to blur government involvement when the attack took place.
According to a Reuters report, Xu opposes the extradition request and claims case of false identity. Xu’s lawyer added that his last name is very common in China and that his cell phone was stolen from him in 2020.
“Unfortunately, the impact of this arrest is not immediately noticeable. There are several teams made up of dozens of operators who continue to continue cyber espionage,” said John Hultquist, chief analyst at Google Threat Intelligence Group (GTIG), in a statement shared with Hacker News.
“Government sponsors will not be deterred. While arrests are unlikely to halt or significantly slow the operation, they may give some of these talented young hackers a reason to think twice before taking part in this work.”
Source link
