In a significant development underscoring the escalating tensions in cyberspace between the United States and China, the U.S. Department of Justice (DOJ) has announced the arrest of 33-year-old Chinese national Xu Zewei. Xu was apprehended in Milan, Italy, on July 3, 2025, at the behest of U.S. authorities. He faces a nine-count indictment in the Southern District of Texas, which includes charges of wire fraud, aggravated identity theft, conspiracy to commit wire fraud, and unauthorized access to protected computers. ([justice.gov](https://www.justice.gov/opa/pr/justice-department-announces-arrest-prolific-chinese-state-sponsored-contract-hacker?utm_source=openai))
Allegations of State-Sponsored Cyber Intrusions
The indictment alleges that between February 2020 and June 2021, Xu, along with co-defendant Zhang Yu—who remains at large—engaged in cyber intrusions targeting U.S. universities and research institutions. These activities were reportedly directed by China’s Ministry of State Security (MSS) through its Shanghai State Security Bureau (SSSB). The primary objective was to steal sensitive COVID-19 research, including vaccine development, treatment methodologies, and testing protocols. ([justice.gov](https://www.justice.gov/opa/pr/justice-department-announces-arrest-prolific-chinese-state-sponsored-contract-hacker?utm_source=openai))
During this period, Xu was employed by Shanghai Powerock Network Co. Ltd., a company identified as one of several enabling firms in China that conduct hacking operations on behalf of the government. The DOJ asserts that Xu and his associates reported their hacking activities directly to MSS officers overseeing their operations. ([justice.gov](https://www.justice.gov/opa/pr/justice-department-announces-arrest-prolific-chinese-state-sponsored-contract-hacker?utm_source=openai))
The HAFNIUM Campaign and Microsoft Exchange Server Exploitation
In addition to targeting COVID-19 research, Xu is accused of participating in the HAFNIUM cyber intrusion campaign. Beginning in March 2021, this campaign exploited zero-day vulnerabilities in Microsoft Exchange Server software, compromising over 60,000 self-hosted Exchange servers across the United States. The majority of these servers were operated by small businesses, allowing the hackers to access private company mailboxes and address books. ([justice.gov](https://www.justice.gov/opa/pr/justice-department-announces-arrest-prolific-chinese-state-sponsored-contract-hacker?utm_source=openai))
The HAFNIUM group, publicly identified as having ties to the Chinese government, has been implicated in a series of cyber-espionage activities targeting various sectors, including law firms, infectious disease researchers, and defense contractors. The exploitation of Microsoft Exchange Server vulnerabilities underscores the group’s capability to conduct widespread and indiscriminate cyberattacks. ([justice.gov](https://www.justice.gov/opa/pr/justice-department-announces-arrest-prolific-chinese-state-sponsored-contract-hacker?utm_source=openai))
Legal Proceedings and International Implications
Following his arrest in Milan, Xu appeared before an appeals court that is to determine the course of his extradition to the United States. His legal representation contends that Xu is a victim of mistaken identity, citing how common his surname is in China and a prior theft of his mobile phone in 2020. ([reuters.com](https://www.reuters.com/legal/litigation/us-says-chinese-state-sponsored-contract-hacker-arrested-last-week-italy-us-2025-07-08/?utm_source=openai))
The arrest and pending extradition of Xu Zewei have the potential to strain diplomatic relations between Italy and China. Italy’s Prime Minister Giorgia Meloni faces the delicate task of balancing strong ties with the United States and cautious engagement with China. This case recalls Italy’s inconsistent history with U.S. extradition requests, including a failed attempt in 2023 involving Russian businessman Artem Uss. ([ft.com](https://www.ft.com/content/f7299b6f-2b58-46c0-bbe5-e650357e8f48?utm_source=openai))
Broader Context of Cyber Espionage
This case is part of a broader pattern of cyber espionage activities attributed to Chinese state-sponsored actors. In March 2025, the U.S. Department of Justice unsealed indictments against Chinese nationals Yin Kecheng and Zhou Shuai for their involvement in prolonged cyber espionage campaigns targeting U.S. defense contractors, technology firms, and government agencies. These activities were reportedly conducted on behalf of China’s MSS and Ministry of Public Security (MPS). ([en.wikipedia.org](https://en.wikipedia.org/wiki/List_of_Chinese_spy_cases_in_the_United_States?utm_source=openai))
The U.S. government has consistently accused China of engaging in cyber-enabled intellectual property theft, including attempts to steal COVID-19 research. In July 2020, two Chinese hackers were charged with targeting firms developing vaccines and treatments for the coronavirus. These charges marked the first instance of the U.S. government prosecuting foreign hackers for coronavirus-related cyberattacks. ([axios.com](https://www.axios.com/2020/07/21/justice-department-chinese-hackers-covid?utm_source=openai))
Conclusion
The arrest of Xu Zewei highlights the ongoing challenges in combating state-sponsored cyber espionage and the complexities of international cooperation in addressing such threats. As the legal proceedings unfold, this case may serve as a precedent for future actions against individuals accused of conducting cyberattacks on behalf of foreign governments.