Chinese Hacker Extradited to U.S. Over Alleged Cyberattacks Targeting COVID-19 Research and Microsoft Exchange Servers
In a significant development in international cybersecurity enforcement, Chinese national Xu Zewei, 34, has been extradited from Italy to the United States to face charges related to a series of cyberattacks conducted between February 2020 and June 2021. These attacks allegedly targeted U.S. universities and organizations, aiming to steal sensitive COVID-19 research and exploit vulnerabilities in Microsoft Exchange servers.
Background and Allegations
The U.S. Department of Justice (DOJ) has accused Xu of acting as a contractor for China’s Ministry of State Security (MSS), specifically under the direction of the Shanghai State Security Bureau (SSSB). Prosecutors allege that Xu, along with co-conspirator Zhang Yu, engaged in cyber espionage activities that compromised thousands of computer systems worldwide, including those in the United States.
In early 2020, Xu and Zhang allegedly targeted several U.S. universities to steal research related to the COVID-19 pandemic. This operation aimed to illicitly acquire valuable information on vaccines, treatments, and testing methodologies during a critical period of the global health crisis.
Subsequently, beginning in March 2021, the duo is accused of exploiting previously undiscovered vulnerabilities in Microsoft Exchange servers. This campaign, attributed to the Chinese-backed hacking group known as Hafnium (later referred to as Silk Typhoon), involved an indiscriminate assault on thousands of email servers. The objective was to gain unauthorized access to sensitive information from various American organizations, including defense contractors, law firms, think tanks, and infectious disease researchers.
Arrest and Extradition
Xu was apprehended in Milan, Italy, in July 2025 at the request of U.S. authorities. Following legal proceedings, he was extradited to the United States on April 25, 2026. Upon arrival, Xu was detained at the Federal Detention Center in Houston, Texas. He appeared in U.S. District Court in Houston on April 27, 2026, where he pleaded not guilty to all charges. The charges against him include wire fraud conspiracy, unauthorized access to computer systems, computer fraud, and aggravated identity theft.
Legal Proceedings and Potential Consequences
If convicted, Xu faces a potential prison sentence exceeding a decade. The DOJ’s indictment outlines nine counts related to his alleged involvement in the cyber intrusions. These charges underscore the severity with which the U.S. government is treating state-sponsored cyber espionage activities, particularly those targeting critical sectors such as public health and national security.
International Implications and Responses
The extradition of Xu marks a significant milestone in international cooperation against cybercrime. It highlights the collaborative efforts between the United States and Italy in addressing transnational cyber threats. However, the move has also elicited a strong response from the Chinese government. China’s Foreign Ministry has opposed the extradition, accusing the U.S. of fabricating charges through political manipulation and urging Italy to respect facts and law and to immediately correct its mistake to avoid becoming an accomplice of the U.S.
Broader Context of Cybersecurity and International Relations
This case is part of a broader pattern of alleged Chinese state-sponsored cyber activities targeting various sectors globally. The Hafnium group’s exploitation of Microsoft Exchange vulnerabilities is one of the most notable examples, affecting thousands of organizations worldwide. The U.S. government’s pursuit of legal action against individuals like Xu reflects an intensified effort to hold perpetrators accountable and deter future cyber espionage activities.
Moreover, the case underscores the challenges in attributing and prosecuting cybercrimes that cross international borders. The successful extradition of Xu from Italy demonstrates the potential for international legal frameworks to address such challenges, provided there is cooperation between nations.
Conclusion
The extradition and forthcoming trial of Xu Zewei represent a pivotal moment in the global fight against cyber espionage. As the case progresses, it will likely have significant implications for international cybersecurity policies, diplomatic relations, and the ongoing efforts to protect sensitive information from state-sponsored cyber threats.