Overview

• Xu Zewei was arrested at Milan’s Malpensa Airport on July 3 under a U.S. warrant and is held at Busto Arsizio prison.
• He faces a nine-count indictment in the Southern District of Texas for hacking into U.S. COVID-19 research networks and exploiting Microsoft Exchange Server vulnerabilities in the HAFNIUM campaign.
• Court documents allege he conducted cyber intrusions between February 2020 and June 2021 under direction from China’s Ministry of State Security and Shanghai State Security Bureau.
• During his initial appeal hearing, Xu’s lawyer claimed his common surname and a 2020 phone theft point to a case of mistaken identity.
• Co-defendant Zhang Yu remains at large and the FBI is seeking information on his whereabouts.