LegalReader.com  ·  Legal News, Analysis, & Commentary

Chinese Hacker Extradited in U.S. Cyber Case


— April 27, 2026

Chinese hacker extradited to face charges in major cyber intrusion case.


A 34-year-old man from China has been brought to the United States to face federal charges tied to a large hacking effort that affected thousands of computer systems. The case centers on claims that he took part in cyberattacks between early 2020 and mid-2021, including actions tied to a well-known campaign that targeted email servers used by businesses, schools, and other groups. Authorities say the Chinese hacker, Xu Zewei, worked with others and acted under direction from Chinese state security officials.

According to court papers, Xu was linked to a group that broke into computer networks across the world, including many in the United States. Some of those attacks are said to be part of what has been called the HAFNIUM campaign, which focused on weak points in widely used email server software. That campaign drew global attention after it was made public in 2021 and led to urgent warnings and fixes from tech companies and government agencies. Investigators believe thousands of groups were affected, including many based in the United States.

Officials also say Xu and his partners targeted research tied to COVID-19 during the early days of the pandemic. At that time, scientists were racing to learn more about the virus and to develop tests, treatments, and vaccines. Court records claim that Xu gained access to networks at a university in Texas and then followed instructions to break into email accounts belonging to researchers. He later reported back that he had obtained messages and other data from those accounts.

The case claims that Xu worked for a private company in China that carried out hacking work tied to the government. Authorities say such companies are often used to hide direct links to state activity. This setup, they argue, allows officials to collect data while keeping some distance from the actions. The same records state that Xu and another man, Zhang Yu, worked together on several of the attacks, though Zhang has not been arrested.

Later in 2020 and into 2021, the alleged activity expanded to include attacks on email servers using known weak spots in a popular system made by Microsoft. By placing hidden tools known as web shells on these systems, the group could return later and keep access without being noticed. These tools allowed them to read emails, search for key terms, and gather more data over time. Among those affected were another Texas-based university and a law firm with offices in the United States and abroad.

Authorities say that in some cases, the attackers searched email accounts for terms tied to government work and China-related topics. This suggests an interest in both research and policy matters. The case also describes how the broader network of hackers cast a wide net, sometimes collecting data that may not have had clear value to the Chinese government. That data could then be sold or shared with others, raising concerns about long-term risks to both private groups and public systems.

The charges against the Chinese hacker include several counts tied to fraud, computer damage, and identity theft. If found guilty, he could face many years in prison. Officials stress that the case has taken years to build and involved work across different countries. Italian law enforcement played a role in his arrest before he was sent to the United States.

Federal officials say the case sends a message that cyberattacks tied to foreign governments will be pursued, even when suspects are located overseas. They also point to the ongoing need for strong security measures, as attacks on computer systems continue to affect many parts of daily life, from schools and hospitals to law firms and research centers.

Xu appeared in court in Texas after arriving in the country. The legal process will now move forward, with evidence reviewed and arguments presented. As with all criminal cases in the United States, he is considered innocent unless proven guilty in court.
