Italian authorities arrested Xu Zewei, a 33-year-old Chinese national wanted by the United States for orchestrating cyberattacks against American COVID-19 research institutions, in Milan on July 3, 2025, following a coordinated operation with FBI agents. The arrest fulfills a U.S. extradition request; Xu faces a nine-count federal indictment in the Southern District of Texas, while his co-defendant Zhang Yu, 44, remains at large.
The charges stem from cyberattacks conducted between February 2020 and June 2021, during which Xu allegedly targeted universities and researchers developing COVID-19 vaccines, treatments, and testing protocols. Prosecutors accuse Xu of exploiting Microsoft Exchange Server vulnerabilities while working as part of the state-sponsored HAFNIUM group, also known as Silk Typhoon, which operated under direction from China’s Ministry of State Security, particularly the Shanghai State Security Bureau.
State-sponsored hackers systematically targeted critical COVID-19 research during the pandemic’s most vulnerable period, exploiting server vulnerabilities to steal vital medical innovations.
The hacking campaign utilized sophisticated techniques, including deploying “webshells” to maintain persistent remote access to compromised systems. Victims included U.S.-based universities in Texas and North Carolina, immunologists, virologists, and an international law firm with Washington, D.C. offices. The attacks coincided with vital phases of pandemic research, targeting institutions developing life-saving medical innovations. Following successful breaches, hackers copied gigabits of sensitive COVID-19 research data and transferred it directly to China for state-sponsored intelligence purposes.
Xu faces potential penalties of up to 20 years in prison on wire fraud and conspiracy charges, with the nine-count indictment encompassing computer fraud and conspiracy violations. The charges include aggravated identity theft alongside wire fraud and unauthorized computer access violations. U.S. Attorney Nicholas Ganjei highlighted the gravity of the theft, stating that “important COVID-19 research was stolen at the behest of the Chinese government,” characterizing the operation as an assault on American scientific innovation and intellectual property.
Prosecutors allege Xu and Zhang operated through Shanghai Powerock Network Co. Ltd., described as a company conducting cyberattacks at Beijing’s direction. The HAFNIUM group’s exploitation of Microsoft Exchange Server vulnerabilities affected thousands of computers globally, contributing to heightened international cybersecurity concerns.
This arrest represents part of ongoing U.S. law enforcement efforts targeting Chinese nationals connected to Beijing-directed cyberespionage activities. The case illustrates China’s systematic approach to acquiring Western intellectual property through state-sponsored cyber operations, particularly targeting biomedical research during the pandemic’s essential early phases.