Chinese hacker arrested in Italy for U.S. cyberattacks tied to COVID-19 research
A Chinese national accused of participating in a state-directed cyber espionage campaign that targeted COVID-19 research and thousands of U.S. organizations has been arrested in Italy, according to the U.S. Justice Department.
Xu Zewei, 33, was taken into custody in Milan on Thursday and now faces extradition to the United States. He and 44-year-old Zhang Yu are charged in a nine-count indictment in the Southern District of Texas, stemming from a series of computer intrusions carried out between February 2020 and June 2021.
According to court documents, Xu carried out the hacking at the direction of the Shanghai State Security Bureau (SSSB), a regional branch of China’s Ministry of State Security (MSS).
Prosecutors allege that Xu worked for Shanghai Powerock Network Co. Ltd., one of several companies in China that conduct hacking operations for the Chinese government.
“The indictment alleges that Xu was hacking and stealing crucial COVID-19 research at the behest of the Chinese government while that same government was simultaneously withholding information about the virus and its origins,” said U.S. Attorney Nicholas Ganjei.
Prosecutors say Xu and his co-conspirators targeted U.S. universities, virologists, and immunologists conducting vaccine research in early 2020. Xu allegedly reported directly to SSSB officers, providing updates and confirmation of intrusions, including into a research university in Texas. He was later instructed to target specific email accounts of researchers at the university and extract their contents.
In late 2020 and into 2021, Xu and others also exploited vulnerabilities in Microsoft Exchange Server software in a widespread hacking campaign known as “HAFNIUM,” affecting over 60,000 U.S. entities and at least 12,700 victims, according to the FBI. Microsoft publicly disclosed the campaign in March 2021, and the U.S. government later attributed it to Chinese state-sponsored actors.
Among the victims of the Exchange Server intrusions were another university in Texas and a global law firm with offices in Washington, D.C. Xu and his co-conspirators allegedly installed web shells on the compromised servers to maintain access, search mailboxes, and extract sensitive data—using search terms such as “Chinese sources,” “MSS,” and “HongKong.”
Xu faces multiple charges, including conspiracy to commit wire fraud, unauthorized access to protected computers, intentional damage to protected computers, and aggravated identity theft. If convicted, he faces decades in prison.
His co-conspirator, Zhang Yu, remains at large. The FBI urges anyone with information about Zhang’s whereabouts to call 1-800-CALL-FBI.
