Overview
- Xu Zewei was arrested at Milan’s Malpensa Airport on July 3 under a U.S. warrant and is held at Busto Arsizio prison.
- He faces a nine-count indictment in the Southern District of Texas for hacking into U.S. COVID-19 research networks and exploiting Microsoft Exchange Server vulnerabilities in the HAFNIUM campaign.
- Court documents allege he conducted cyber intrusions between February 2020 and June 2021 under direction from China’s Ministry of State Security and Shanghai State Security Bureau.
- During his initial appeal hearing, Xu’s lawyer claimed his common surname and a 2020 phone theft point to a case of mistaken identity.
- Co-defendant Zhang Yu remains at large and the FBI is seeking information on his whereabouts.