Chinese Hacker Extradited to U.S. for COVID-19 Research Cyberattacks, Faces Multiple Charges

In a significant development in international cybercrime enforcement, Chinese national Xu Zewei, 34, has been extradited from Italy to the United States. Xu faces multiple charges, including nine counts of wire fraud, conspiracy to damage and obtain information from protected computers without authorization, and aggravated identity theft. These charges stem from his alleged involvement in cyberattacks targeting American organizations and government agencies between February 2020 and June 2021.

Xu is accused of being a member of the state-sponsored hacking group tracked as Silk Typhoon, also referred to as Hafnium. The group is notorious for exploiting zero-day vulnerabilities in Microsoft Exchange Server to gain initial access and then deploying web shells that give the operators persistent remote access to the compromised servers. One of the most alarming allegations against Xu involves the breach of a Texas university's systems to steal sensitive COVID-19 vaccine research data.

The indictment reveals that Xu, along with co-defendant Zhang Yu, operated under directives from the Ministry of State Security’s (MSS) Shanghai State Security Bureau (SSSB). During the period of these cyberattacks, Xu was employed by Shanghai Powerock Network Co. Ltd., identified by the U.S. Department of Justice (DoJ) as one of several Chinese companies conducting hacking operations on behalf of the government.

The DoJ stated: "In early 2020, Xu and his co-conspirators hacked and otherwise targeted U.S.-based universities, immunologists, and virologists conducting research into COVID-19 vaccines, treatment, and testing." The charges further allege that, beginning in late 2020, Xu and his co-conspirators exploited certain vulnerabilities in Microsoft Exchange Server, a widely used Microsoft product for sending, receiving, and storing email messages.

Despite these serious allegations, Xu has consistently denied any involvement in government-sponsored hacking activities. He claims his arrest is a case of mistaken identity, asserting that he was on vacation in Milan with his wife when apprehended. During a recent court hearing, Xu pleaded not guilty to all charges. His co-defendant, Zhang Yu, remains at large.

The extradition of Xu underscores the escalating global efforts to combat cyber espionage and hold individuals accountable for cybercrimes that threaten national security and public health. This case also highlights the intricate web of state-sponsored cyber activities and the challenges in attributing and prosecuting such offenses.

Silk Typhoon, the hacking group allegedly associated with Xu, has been linked to numerous cyberattacks on sectors critical to national resilience, including healthcare, defense, and other critical infrastructure. Its operations often combine credential harvesting, supply chain compromises, and long-term access strategies, reflecting a broader mandate that covers both immediate and strategic intelligence collection.

The group’s exploitation of zero-day vulnerabilities, particularly in widely-used software like Microsoft Exchange Server, has raised significant concerns about the security of global digital infrastructure. The Hafnium campaign, attributed to Silk Typhoon, reportedly targeted over 60,000 U.S. entities, successfully compromising more than 12,700 to steal sensitive information.

The involvement of private companies like Shanghai Powerock Network Co. Ltd. in state-sponsored cyber activities illustrates the complex ecosystem of contractors and private firms engaged in cyber espionage. This arrangement allows state actors to obscure their involvement and complicates international efforts to attribute and respond to cyber threats.

The extradition and forthcoming trial of Xu Zewei may provide valuable insights into the operations of state-sponsored hacking groups and the mechanisms through which they conduct cyber espionage. It also serves as a stark reminder of the persistent threats posed by cyberattacks to global security and the importance of international cooperation in addressing these challenges.