Chinese Hacker Arrested in Italy for Alleged Cyber Espionage Against U.S. Institutions

In a significant development in international cybersecurity enforcement, Italian authorities arrested 33-year-old Chinese national Xu Zewei at Milan’s Malpensa Airport on July 3, 2025. The arrest was executed based on a U.S. warrant accusing Xu of orchestrating cyber intrusions targeting American universities and government agencies.

Allegations and Charges

The U.S. Department of Justice (DOJ) has unsealed a nine-count indictment against Xu, charging him with wire fraud, conspiracy to commit wire fraud, unauthorized access to protected computers, and aggravated identity theft. These charges stem from alleged cyber activities conducted between February 2020 and June 2021. Xu is accused of being a key operative in a Chinese state-sponsored hacking group known as Silk Typhoon, also referred to as Hafnium. This group is implicated in extensive cyber espionage campaigns, including the exploitation of vulnerabilities in Microsoft Exchange Server software.

Targeting COVID-19 Research

During the early stages of the COVID-19 pandemic, Xu and his co-conspirators allegedly targeted leading immunologists and virologists in the United States. Their objective was to steal groundbreaking research related to COVID-19 vaccines, treatments, and testing methodologies. The University of Texas is among the institutions reportedly affected by these cyber intrusions. The DOJ asserts that these activities were directed by officers from China’s Ministry of State Security (MSS), specifically the Shanghai State Security Bureau (SSSB).

The Hafnium Campaign

The Hafnium campaign, attributed to the Silk Typhoon group, involved exploiting zero-day vulnerabilities in Microsoft Exchange Server. This widespread cyber intrusion compromised thousands of computers globally, including over 60,000 U.S. entities. The campaign’s primary aim was to steal sensitive information, particularly intellectual property and confidential business data. The DOJ’s indictment highlights that Xu and his associates were at the forefront of this massive cyber offensive.

Extradition Proceedings and Defense Claims

Following his arrest, Xu is currently detained in Italy, awaiting extradition proceedings to the United States. His legal defense argues that he is a victim of mistaken identity, emphasizing the commonality of his surname in China and citing a prior theft of his mobile phone in 2020. Xu’s wife has publicly stated that he is merely a technician for an IT company and opposes his extradition to the U.S.

Broader Implications

This arrest underscores the ongoing tensions between the United States and China concerning cybersecurity and alleged state-sponsored espionage. The DOJ’s actions reflect a concerted effort to hold individuals accountable for cyber activities that threaten U.S. national security and intellectual property. Nicholas J. Ganjei, the U.S. Attorney for the Southern District of Texas, remarked, “The hacking of these American universities is not just a violation of intellectual property rights. It’s an attack on American scientific innovation.”

Conclusion

As Xu awaits potential extradition, this case serves as a stark reminder of the persistent threats posed by cyber espionage and the complexities involved in international law enforcement collaboration. The outcome of these proceedings may set a precedent for how nations address and prosecute state-sponsored cyber activities in the future.