Xu Zewei, a Chinese national accused of belonging to a state-backed hacking group, was extradited from Milan to the U.S. and is being held in Houston on charges tied to intrusions that allegedly stole COVID-19 vaccine research from a Texas university. U.S. prosecutors say he participated in the HAFNIUM (aka Silk Typhoon) and Microsoft Exchange server attacks at the direction of China’s Ministry of State Security and Shanghai State Security Bureau, and he faces up to 77 years in prison if convicted. #HAFNIUM #MicrosoftExchange
Keypoints
- Xu Zewei was arrested in Milan in July 2025 and extradited to the U.S., where he is held at the Houston Federal Detention Center.
- He faces a nine-count indictment alleging involvement in HAFNIUM intrusions and the 2021 Microsoft Exchange attacks.
- Prosecutors allege Xu acted on orders from China’s Ministry of State Security (MSS) and the Shanghai State Security Bureau (SSSB).
- Authorities say HAFNIUM’s campaign compromised thousands of computers worldwide and targeted U.S. universities and COVID-19 researchers.
- Xu denies the allegations, claims mistaken identity, faces up to 77 years if convicted, and his alleged co-conspirator Zhang Yu remains at large.
Read More: https://therecord.media/chinese-hacker-italy-extradited