The United States has successfully extradited a Chinese citizen involved in one of the most significant state-backed cyber espionage campaigns. The individual, Xu Zewei, was brought from Italy to the U.S., where he appeared in a Houston court on April 27, 2026, facing multiple charges related to cyber intrusions.
Details of the Cyber Espionage Campaign
Xu, aged 34, is accused of orchestrating a series of cyberattacks between February 2020 and June 2021, a time that coincided with the COVID-19 pandemic. These operations were allegedly directed by the Shanghai State Security Bureau, part of China’s Ministry of State Security (MSS). Xu was employed by Shanghai Powerock Network Co. Ltd., a company described as facilitating these covert activities.
This strategic outsourcing to private firms is a documented approach by the Chinese state to obscure its involvement in cyber operations. The campaign, known in cybersecurity circles as Silk Typhoon, is linked to the broader HAFNIUM operation, which targeted over 12,700 U.S. entities.
Impact on U.S. Institutions and Response
Among the targets were U.S. universities and research institutions focused on COVID-19 vaccines and treatments. Xu reportedly breached the network of a university in Texas, later accessing and extracting data from researchers’ email accounts. The FBI, demonstrating its global reach, warned that similar perpetrators will face prosecution.
Xu’s co-defendant, Zhang Yu, remains at large, with the FBI urging public assistance in locating him. The FBI’s Houston Field Office leads the investigation, supported by national security prosecutors.
Technical Exploits and Legal Actions
In late 2020, Xu and his accomplices exploited vulnerabilities in Microsoft Exchange Server, a crucial email platform for many organizations. They installed web shells to maintain access, a method linked to HAFNIUM, which allowed investigators to connect the dots. These activities targeted a second Texas university and a global law firm, emphasizing intelligence collection over financial motives.
In April 2021, the U.S. Justice Department took action to remove numerous web shells from compromised systems. By July 2021, the U.S. and its allies officially attributed the HAFNIUM campaign to China’s MSS.
