A Chinese national, Xu Zewei, has been arrested in Italy for allegedly leading cyberattacks against U.S. institutions to steal COVID-19 research and policy data

Prosecutors say he worked under the direction of China’s state security agency and was linked to the global “HAFNIUM” hacking campaign

Xu faces multiple federal charges and could receive decades in prison if convicted, while his co-accused, Zhang Yu, remains at large

A Chinese national accused of working at the direction of China’s state intelligence agency to infiltrate American networks and steal COVID-19 research has been arrested in Italy on a U.S. warrant.

Xu Zewei, 33, was detained at Milan’s international airport as he arrived on a flight from China, following a sealed indictment filed in Texas in 2023 and recently made public.

Arrested hacker working for Chinese government

Federal prosecutors allege that Xu, alongside 44-year-old Zhang Yu, engaged in a wide-ranging cyberattack campaign between February 2020 and June 2021, orchestrated under the guidance of China’s Ministry of State Security (MSS) and its Shanghai State Security Bureau (SSSB).

Their operations included hacking major U.S. institutions, exploiting vulnerabilities in Microsoft Exchange servers, and targeting academic and health research centers during the peak of the COVID-19 pandemic.

Authorities say Xu worked for Shanghai Powerock Network Co. Ltd., a private contractor that allegedly functioned as a front for state-sponsored cyber espionage.

His role reportedly involved compromising networks and providing stolen data directly to MSS handlers.

One notable operation cited in the indictment involved Xu confirming, on February 19, 2020, the breach of a major research university’s systems.

Days later, under SSSB orders, he allegedly extracted emails and data from top virologists working on COVID-19 vaccines and treatment research.

Hacker linked to infamous HAFNIUM campaign

Xu and his co-conspirators are also linked to the now-infamous “HAFNIUM” hacking campaign, in which Microsoft Exchange Server vulnerabilities were exploited on a global scale.

U.S. officials say the intrusion affected thousands of systems worldwide, including law firms and policy institutions in Washington, D.C., with hackers searching mailboxes using terms like “Chinese sources,” “MSS,” and “Hong Kong.”

Federal officials have described the campaign as reckless and indiscriminate.

“The Southern District of Texas has been waiting years to bring Xu to justice,” said U.S. Attorney Nicholas Ganjei.

“Even if it takes years, we will track hackers down and make them answer for their crimes.”

Xu faces multiple federal charges, including wire fraud, computer fraud, identity theft, and conspiracy. If convicted, he could serve up to 20 years for wire fraud alone, with additional penalties for other charges, including a mandatory two-year sentence for identity theft.

Meanwhile, Zhang remains at large. The FBI is urging anyone with information about his location to contact 1-800-CALL-FBI.

The case is being prosecuted by Assistant U.S. Attorneys S. Mark McIntyre and John Marck, along with officials from the Justice Department’s National Security Division.

