Chinese hacker arrested in Italy for U.S. cyberattacks tied to COVID-19 research

A Chinese national accused of participating in a state-directed cyber espionage campaign that targeted COVID-19 research and thousands of U.S. organizations has been arrested in Italy, according to the U.S. Justice Department.
Xu Zewei, 33, was taken into custody in Milan on Thursday and now faces extradition to the United States. He, along with 44-year-old Zhang Yu, is charged in a nine-count indictment in the Southern District of Texas, stemming from a series of computer intrusions carried out between February 2020 and June 2021.
According to court documents, Xu carried out the hacking at the direction of the Shanghai State Security Bureau (SSSB), a regional branch of China’s Ministry of State Security (MSS).
Prosecutors allege that Xu worked for Shanghai Powerock Network Co. Ltd., one of several companies in China that conduct hacking operations for the Chinese government.
“The indictment alleges that Xu was hacking and stealing crucial COVID-19 research at the behest of the Chinese government while that same government was simultaneously withholding information about the virus and its origins,” said U.S. Attorney Nicholas Ganjei.
Prosecutors say Xu and his co-conspirators targeted U.S. universities, virologists, and immunologists conducting vaccine research in early 2020. Xu allegedly reported directly to SSSB officers, providing updates and confirmation of intrusions, including into a research university in Texas. He was later instructed to target specific email accounts of researchers at the university and extract their contents.
In late 2020 and into 2021, Xu and others also exploited vulnerabilities in Microsoft Exchange Server software in a widespread hacking campaign known as “HAFNIUM,” affecting over 60,000 U.S. entities and at least 12,700 victims, according to the FBI. Microsoft publicly disclosed the campaign in March 2021, and the U.S. government later attributed it to Chinese state-sponsored actors.
Among the victims of the Exchange Server intrusions were another university in Texas and a global law firm with offices in Washington, D.C. Xu and his co-conspirators allegedly installed web shells on the compromised servers to maintain access, search mailboxes, and extract sensitive data—using search terms such as “Chinese sources,” “MSS,” and “HongKong.”
Xu faces multiple charges, including conspiracy to commit wire fraud, unauthorized access to protected computers, intentional damage to protected computers, and aggravated identity theft. If convicted, he faces decades in prison.
His co-conspirator, Zhang Yu, remains at large. The FBI urges anyone with information about Zhang’s whereabouts to call 1-800-CALL-FBI.
