28.04.2026
3 min
201
A Chinese national suspected of working for the state-run hacking group Silk Typhoon has been extradited from Italy to the United States. He is accused of large-scale cyberattacks against American universities and the theft of COVID-19 data.
An Italian court recently approved extradition to the U.S. of Xu Zewei (34), a Chinese citizen and member of the Silk Typhoon hacking group. He was arrested in Italy on July 25th. 2012, as part of an ongoing federal investigation into several major computer hacks against American organizations, and various government agencies.
These hacks occurred over the course of nearly two years beginning in February 2019 through June 2018. The hack of the University of Texas Medical Branch, where scientists working on a Covid vaccine were studying the virus, was among those examined by investigators. The hackers attempted to obtain sensitive scientific data about drug developments using the university’s online systems.
Xu faces 9 criminal counts. The counts include wire fraud; Conspiracy to Unlawfully Access Protected Computers; Aggravated Theft of Personal Information; and others.
Prosecutors also believe Xu acted in conjunction with another hacker, Zhang Yu, whose whereabouts remain unknown. Prosecutors believe that both hackers received orders and directions from members of the Shanghai State Security Bureau. The State Security Bureau is a division of the Ministry of State Security for the People’s Republic of China.
As noted earlier, some of the attacks involved exploiting previously identified vulnerabilities in Microsoft Exchange. At the time of those vulnerabilities, hackers used them to gain server access and install a “web shell,” which allowed them to remotely administer servers.
According to prosecutors, Xu worked for Shanghai Powerock Network Co., Ltd., when the hacking occurred. Such entities serve as middlemen, acting on behalf of the state and performing hacking services for it.
“Between early January 2020, and late May 2020, Xu and his conspirators committed a number of hacks and computer intrusions against American universities, researchers focused on developing treatments or testing COVID-19 vaccines,” said a press release issued today by the U.S. Department of Justice.
