A Chinese citizen implicated in state-sponsored cyber intrusions has been extradited to the United States from Italy. The Department of Justice confirmed the extradition over the weekend.
Background of the Accused
The accused, Xu Zewei, aged 34, was apprehended in July 2025. His arrest followed numerous charges in the United States for orchestrating cyberattacks, notably those linked to the Silk Typhoon group, also identified as Hafnium and Murky Panda. Among the targets were American educational institutions.
According to the Department of Justice, Xu carried out these cyber activities on behalf of China’s Ministry of State Security and the Shanghai State Security Bureau. His employer, Shanghai Powerock Network, is reputed to aid China’s cyber warfare initiatives.
Details of the Cyberattacks
According to court documents, from early 2020 until 2021, Xu and his associates attacked US universities and researchers involved in COVID‑19 studies. They reported their breaches to officers of the Shanghai State Security Bureau.
One notable incident involved breaching a Texas university’s network. Xu was tasked with infiltrating email accounts of virologists and immunologists, subsequently relaying extracted data back to the bureau.
In late 2020, Xu’s group allegedly exploited Microsoft Exchange Server vulnerabilities, impacting numerous global systems, including another Texas university and a multinational law firm.
Legal Proceedings and Future Outlook
Following these breaches, web shells were installed on compromised systems, granting remote access to attackers. In April 2021, the FBI conducted a sanctioned cyber operation to remove these web shells from hundreds of US-based systems.
This week, Xu appeared in a Houston District Court. He is facing nine charges, including wire fraud, computer hacking, and identity theft, with the potential for a lengthy prison sentence.
An additional suspect, Zhang Yu, aged 44, remains at large.
The extradition and subsequent legal actions underscore the US’s commitment to addressing international cyber threats and safeguarding its technological interests.
