Particle.news

Chinese State-Sponsored Hacker Xu Zewei Arrested in Milan on U.S. Extradition Request

Ahead of extradition proceedings, he faces a nine-count Texas indictment for stealing COVID-19 research through MSS-directed Exchange Server exploits.

The seal of the Federal Bureau of Investigation (FBI) on the J. Edgar Hoover Federal Bureau of Investigation (FBI) building in Washington, DC, US, on Wednesday, Feb. 5, 2025.

Overview

  • Xu Zewei was arrested in Milan on July 3 at the request of U.S. authorities and is being held pending extradition to the Southern District of Texas.
  • A nine-count indictment unsealed July 8 charges him and co-defendant Zhang Yu with computer intrusions from February 2020 to June 2021, including the HAFNIUM campaign and theft of COVID-19 research.
  • Court documents allege officers of China’s Ministry of State Security directed Xu to exploit Microsoft Exchange Server vulnerabilities and install web shells to steal data.
  • Prosecutors say Xu operated through Shanghai Powerock Network Co. Ltd., one of several Chinese front companies facilitating government-sponsored hacking.
  • Zhang Yu remains at large and the FBI has issued a reward for information leading to his capture as international partners collaborate on the case.