A Chinese national accused of being a member of the Silk Typhoon hacking group has been extradited from Italy to the United States.
Xu Zewei, 34, was arrested by Italian authorities in July 2025 on suspicion of ties to a Chinese state-backed threat group and for orchestrating cyberattacks against U.S. organizations and government agencies from February 2020 to June 2021, including infiltrating the University of Texas’ system to steal COVID-19 vaccine information.
He was charged with nine counts of wire fraud, conspiracy to gain unauthorized access to a protected computer to cause damage and obtain information, and aggravated identity theft.
Xu, along with his co-defendant and Chinese national Zhang Yu, are said to have carried out the attack on the instructions of the Shanghai State Security Bureau (SSSB) of the Ministry of State Security (MSS). Some of these attacks weaponized a Microsoft Exchange Server zero-day, a threat activity cluster that Microsoft tracked as Hafnium, to compromise targets and deploy web shells for remote management.
According to the indictment, Xu was working for a company called Shanghai Power Lock Network Co., Ltd. at the time of the attack. The US Department of Justice (DoJ) said Power Lock was one of a number of “enabled” companies that were conducting hacking activities on behalf of the government in China.
“In early 2020, Mr. Xu and his co-conspirators hacked and otherwise targeted U.S. universities, immunologists, and virologists conducting research into vaccines, treatments, and tests for the novel coronavirus disease (COVID-19),” the Justice Department added. “The charges further allege that beginning in late 2020, Mr. Xu and his co-conspirators exploited certain vulnerabilities in Microsoft Exchange Server, a Microsoft product widely used to send, receive, and store email messages.”
However, the defendant has repeatedly denied any involvement in the Chinese government’s hacking activities, insisting that the wrong person was arrested. He was on vacation in Milan with his wife when he was arrested. Speaking to TechCrunch, Xu’s lawyer said that in a court hearing on Monday, Xu pleaded not guilty to all charges. Zhang Yu remains on the run.
Source link
