Cyber Web Spider Blog – News


Chinese Hacker Xu Zewei Arrested for Ties to Silk Typhoon Group and U.S. Cyber Attacks

Posted on July 9, 2025 By CWS

Jul 09, 2025 | Ravie Lakshmanan | Cyber Espionage / Threat Intelligence
A Chinese national has been arrested in Milan, Italy, for his alleged links to a state-sponsored hacking group known as Silk Typhoon and for carrying out cyber attacks against American organizations and government agencies.
The 33-year-old, Xu Zewei, has been charged with 9 counts of wire fraud and conspiracy to cause damage to and obtain information by unauthorized access to protected computers, as well as committing aggravated identity theft. Details of the arrest were first reported by Italian media.
Xu is alleged to have been involved in the U.S. computer intrusions between February 2020 and June 2021, including a mass attack spree that leveraged then-zero-day flaws in Microsoft Exchange Server, a cluster of activity the Windows maker designated as Hafnium.

The suspect is also accused of participating in China’s espionage efforts during the COVID-19 pandemic, attempting to gain access to vaccine research at various U.S. universities, including the University of Texas.
Xu, alongside co-defendant and Chinese national Zhang Yu, is believed to have undertaken the attacks based on directions given by the Ministry of State Security’s (MSS) Shanghai State Security Bureau (SSSB).
“Beginning in late 2020, Xu and his co-conspirators exploited certain vulnerabilities in Microsoft Exchange Server, a widely used Microsoft product for sending, receiving and storing email messages,” the Justice Department said. “Their exploitation of Microsoft Exchange Server was allegedly at the forefront of a massive campaign targeting thousands of computers worldwide and known publicly as ‘Hafnium.’”
Silk Typhoon, which overlaps with UNC5221, is known for its use of zero-day vulnerabilities and successful compromises of technology companies in supply chain attacks. The group is said to have targeted over 60,000 U.S. entities, successfully victimizing more than 12,700 in order to steal sensitive information through the Hafnium campaign.
The Justice Department has also claimed that Zewei worked for a company named Shanghai Powerock Network Co. Ltd. when the attacks were carried out, lending further credence to other reports that China is leveraging an array of contractors and private companies to launch state-sponsored espionage campaigns in an effort to obscure the government’s involvement.

According to a report from Reuters, Xu has opposed the extradition request, claiming a case of mistaken identity. Xu’s lawyer added his surname is quite common in China and that his mobile phone had been stolen from him in 2020.
“Unfortunately, the impact of this arrest won’t be felt immediately. There are several teams composed of dozens of operators who are going to continue to carry out cyber espionage,” John Hultquist, Chief Analyst, Google Threat Intelligence Group (GTIG), said in a statement shared with The Hacker News.
“Government sponsors are not going to be deterred. The arrest is unlikely to bring operations to a halt or even significantly slow them, but it may give some of these talented young hackers a reason to think twice before getting involved in this work.”
