A man identified as Xu Zewei, accused of orchestrating cyberattacks on behalf of the Chinese government, has been extradited to the United States. His attorney confirmed that Xu arrived in the U.S. after being arrested in Italy last year at the request of American authorities.
Last year, the U.S. Justice Department charged Xu with working as a contractor for the Chinese Ministry of State Security. Prosecutors allege that he, along with an accomplice named Zhang Yu, targeted multiple U.S. universities in 2020 to steal crucial research related to the COVID-19 pandemic. Additionally, they are said to have compromised thousands of email servers running Microsoft Exchange starting in March 2021, as part of a broader campaign attributed to a Chinese-backed hacking group known as Hafnium, later linked to another group called Silk Typhoon.
Xu's lawyer in Italy, Simona Candido, stated that he is currently detained in Houston, Texas. The U.S. Bureau of Prisons confirms that a person with his name is in custody at the Federal Detention Center in the city. Dan Cogdell, Xu's U.S. attorney, is set to represent him in a hearing scheduled for Monday in Houston.
According to the Justice Department, Xu was affiliated with Shanghai Powerock Network, a Chinese firm implicated in conducting hacking operations for the Beijing government. Reports indicate that Xu and his associates communicated directly with Chinese state officials regarding their activities.
Prosecutors assert that the Hafnium group exploited previously unknown vulnerabilities in Microsoft Exchange servers, successfully breaching over 12,700 entities across the U.S., including defense contractors, law firms, and research institutions focused on infectious diseases.
The Chinese Embassy in Washington, D.C., has not responded to inquiries regarding the extradition. The Financial Times reported that the Chinese Foreign Ministry condemned Xu's extradition, accusing the U.S. of fabricating charges against him.
Historically, the U.S. government has pursued numerous Chinese hackers, many of whom remain elusive. In a notable case from 2022, Yanjun Xu was sentenced to 20 years in prison for espionage, marking a significant moment as he was the first Chinese intelligence officer extradited to the U.S.
This extradition underscores the ongoing international efforts to combat cybercrime and enhance cybersecurity protocols globally. As nations increasingly collaborate to address digital threats, the future may see more stringent measures and enhanced cooperation to secure vital research and infrastructure.
