A Chinese national accused of ties to the hacking collective known as Silk Typhoon has been extradited from Italy to the United States, where he faces multiple federal cybercrime charges related to intrusions targeting COVID-19 research institutions and critical systems.
Arrest and Extradition from Italy
Xu Zewei, 34, was detained by Italian authorities in July 2025 while traveling in Milan with his wife. After months of legal proceedings, he has now been transferred to the United States to face prosecution. U.S. authorities allege that Xu played a key role in coordinated cyberattacks carried out between February 2020 and June 2021.
Alleged Targeting of COVID-19 Research
According to U.S. prosecutors, Xu and alleged co-conspirator Zhang Yu were involved in hacking operations directed at American universities and medical researchers working on COVID-19 vaccines, treatments, and testing.
One of the reported intrusions involved a Texas-based university, where hackers allegedly attempted to steal sensitive research data related to vaccine development during the global pandemic.
Officials say the campaign specifically focused on immunologists and virologists, highlighting concerns that state-backed cyber operations sought to exploit the urgency of global health research during COVID-19.
Exploitation of Microsoft Exchange Vulnerabilities
Investigators claim the attackers later exploited vulnerabilities in Microsoft Exchange Server, a widely used email and communication platform. The activity aligns with a broader wave of global cyber intrusions that targeted organizations through security flaws in Exchange Server.
These attacks reportedly enabled unauthorized access to email servers and the deployment of malicious web shells, allowing persistent remote control over compromised networks.
Cybersecurity researchers previously associated similar exploitation activity with the threat cluster tracked as “Hafnium,” which has been linked to large-scale breaches worldwide.
Charges and Allegations
The U.S. Department of Justice has charged Xu with nine criminal counts, including:
- Wire fraud
- Conspiracy to access protected computers without authorization
- Aggravated identity theft
Authorities allege the operations were conducted under the direction of China’s Ministry of State Security (MSS), specifically the Shanghai State Security Bureau.
Prosecutors also claim that Xu worked for Shanghai Powerock Network Co. Ltd., described as one of several private-sector entities allegedly used to support state-linked cyber operations.
Defense and Denial of Involvement
Xu has denied all allegations, insisting he had no involvement in government-backed hacking activities. His legal team argues that he is a victim of mistaken identity, and he has pleaded not guilty to all charges in court proceedings.
His attorney also confirmed that Xu was on vacation in Italy when he was arrested.
Meanwhile, co-defendant Zhang Yu remains at large, according to investigators.
Broader Cyber Espionage Concerns
The case adds to growing international concern over cyber espionage campaigns targeting sensitive research sectors, particularly during global crises. Authorities continue to investigate the extent of the alleged operations and potential additional victims.