Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks
Chinese national Xu Zewei, a member of the Silk Typhoon hacking group, has been extradited from Italy to the U.S. for allegedly stealing COVID-19 vaccine data and exploiting Microsoft Exchange zero-days.

A Chinese national accused of being a member of the Silk Typhoon hacking group has been extradited from Italy to the U.S. to face charges over a series of cyberattacks that stole COVID-19 vaccine research data from American universities and government agencies between 2020 and 2021.
Xu Zewei, 34, was arrested in July 2025 by Italian authorities and was extradited to the United States, where he now faces nine counts of wire fraud, conspiracy to cause damage to and obtain information by unauthorized access to protected computers, and aggravated identity theft. According to the U.S. Department of Justice (DoJ), Xu and his co-defendant, Chinese national Zhang Yu, carried out the attacks under the direction of the Ministry of State Security's (MSS) Shanghai State Security Bureau (SSSB).
"In early 2020, Xu and his co-conspirators hacked and otherwise targeted U.S.-based universities, immunologists, and virologists conducting research into COVID‑19 vaccines, treatment, and testing," the DoJ stated. The indictment alleges that Xu worked for Shanghai Powerock Network Co. Ltd., a company the DoJ describes as one of many "enabling" companies in China that conducted hacking operations for the government. The attacks weaponized then-zero-day vulnerabilities in Microsoft Exchange Server, a threat activity cluster that Microsoft tracked as Hafnium, to breach targets and deploy web shells for remote administration.
Xu was in Milan with his wife on vacation when he was apprehended. Speaking to TechCrunch, Xu's lawyer said his client pleaded not guilty to all charges during a court hearing on Monday and has repeatedly denied any involvement in Chinese government hacking operations, claiming his arrest was a case of mistaken identity. Zhang Yu remains at large.
The extradition marks a significant step in U.S. efforts to hold state-sponsored hackers accountable, particularly those involved in stealing sensitive COVID-19 research. The case underscores the ongoing threat posed by Chinese state-sponsored hacking groups like Silk Typhoon, which have been linked to a wide range of cyber espionage campaigns targeting critical infrastructure, intellectual property, and government networks worldwide.