Chinese national extradited to the US to face charges for hacking COVID-19 research and global networks

CORPUS CHRISTI, Texas — A 34-year-old Chinese national, Xu Zewei, was extradited from Italy to the United States this weekend and appeared Monday in U.S. District Court in Houston on charges related to global computer hacking campaigns.

Xu faces a nine-count indictment for intrusions carried out between February 2020 and June 2021. Prosecutors allege he targeted U.S. COVID-19 research at universities during the height of the pandemic and participated in the widespread HAFNIUM hacking campaign, which compromised thousands of computers worldwide.

HAFNIUM is a state-sponsored, China-based cyber espionage group that launched a massive campaign in early 2021 targeting on-premises Microsoft Exchange Servers. Utilizing four zero-day vulnerabilities (collectively known as ProxyLogon), they stole data, installed web shells, and gained persistent access to thousands of organizations worldwide, including researchers, defense contractors, and NGOs.

Court documents state that officers from China’s Ministry of State Security and its Shanghai State Security Bureau directed the operations. Xu allegedly carried out the hacks while working for Shanghai Powerock Network Co. Ltd., one of several Chinese companies that conduct cyber operations on behalf of the government.

"The United States is committed to pursuing hackers who steal information from U.S. businesses and universities," said John A. Eisenberg. "We look forward to proving our case in court."

U.S. Attorney John G.E. Marck added: "Xu allegedly stole COVID-19 research from our universities when the world needed it most. We will continue to protect the American people."

The FBI’s Brett Leatherman stated: "Xu will now answer for his alleged role in the HAFNIUM campaign, a massive intrusion directed by China’s Ministry of State Security that hit more than 12,700 U.S. organizations. The extradition shows the FBI’s reach extends globally, and we thank Italian law enforcement, particularly the Polizia Postale, for their partnership."

In early 2020, Xu and co-conspirators allegedly breached networks of U.S. universities and researchers working on COVID-19 vaccines, treatments, and testing. He reported directly to Shanghai State Security Bureau officers.

Later, beginning in late 2020, Xu participated in exploiting vulnerabilities in Microsoft Exchange Server as part of the HAFNIUM campaign. Victims included a second university in Texas and an international law firm, from which data on U.S. policymakers was stolen.

Xu faces charges including conspiracy to commit wire fraud (up to 20 years per count), conspiracy to damage protected computers, unauthorized access, intentional damage to computers, and aggravated identity theft.

His alleged co-conspirator, 44-year-old Zhang Yu, remains at large.

The case is being investigated by the FBI’s Houston Field Office, with assistance from the Justice Department’s Office of International Affairs and Italian authorities.
