A Chinese national accused of taking part in a global hacking operation has been extradited from Italy to the United States. Xu Zewei, 34, was charged for participation in a series of computer intrusions carried out between February 2020 and June 2021. Prosecutors say some of the attacks were part of the widespread Hafnium (aka Salt Typhoon) cyber-espionage campaign, which compromised thousands of systems worldwide.
According to court documents, Xu and another co-defendant, Zhang Yu, who currently remains at large, allegedly worked under the direction of China’s Ministry of State Security (MSS), specifically its Shanghai State Security Bureau (SSSB).
Authorities claim Xu conducted hacking operations while employed by Shanghai Powerock Network Co. Ltd., described as one of several private firms allegedly used by Chinese intelligence services to carry out cyber-espionage activities.
Prosecutors allege that in early 2020, Xu and his associates targeted US-based universities and researchers engaged in COVID-19 vaccine, treatment, and testing efforts. In one instance, Xu reportedly accessed a Texas-based university network and stole email contents from virologists and immunologists. Xu and his accomplices also exploited vulnerabilities in Microsoft Exchange Server software to install web shells used for remote access to compromised systems.
Xu faces multiple charges, including conspiracy to commit wire fraud, unauthorized access to protected computers, and aggravated identity theft. If convicted on all counts, he could face decades in prison.