Xu Zewei was extradited from Italy to the United States and formally charged for his alleged role in a massive pandemic-era intrusion campaign that compromised nearly 13,000 U.S. organizations. The indictment accuses him and co-conspirators of exploiting zero-day vulnerabilities in Microsoft Exchange Server to steal COVID-19 research and conduct espionage directed by China’s intelligence services as part of the HAFNIUM/Silk Typhoon campaign. #HAFNIUM #MicrosoftExchangeServer
Keypoints
- Xu Zewei was arrested in Milan, extradited to the U.S., and made his first appearance in federal court in the Southern District of Texas.
- He is accused of exploiting zero-day flaws in Microsoft Exchange Server to steal vaccine, treatment, and testing research during the pandemic.
- U.S. officials say the attacks were directed by China’s Ministry of State Security and are tied to the HAFNIUM/Silk Typhoon espionage campaign.
- The campaign targeted infectious disease experts, law firms, universities, defense contractors, think tanks, and government-related entities.
- Xu faces multiple charges including wire fraud, unauthorized access, identity theft, and could face up to 62 years in prison; a co-defendant, Zhang Yu, remains at large.
Read More: https://cyberscoop.com/xu-zewei-extradited-china-national-silk-typhoon-hafnium/