Chinese Hacker Extradited to U.S. Over Alleged State-Backed Cyberattacks
A 34-year-old Chinese national, Xu Zewei, has been extradited from Italy to the U.S. to face charges related to state-sponsored cyberespionage. Xu arrived in Houston, Texas, over the weekend and pleaded not guilty at a federal court hearing on Monday. He is currently detained at the Federal Detention Center in Houston.
Xu was arrested in July 2025 while vacationing in Milan with his wife. U.S. authorities allege he worked under the direction of China’s Ministry of State Security, specifically the Shanghai State Security Bureau, while employed by Shanghai Powerock Network, a firm prosecutors describe as a front for Beijing-backed hacking operations.
According to the indictment, Xu and a co-conspirator targeted American universities, immunologists, and virologists in early 2020, attempting to steal COVID-19 research, including vaccine and treatment data. One of the institutions reportedly breached was a Texas university.
Xu is also accused of being part of Hafnium (also known as Silk Typhoon), a Chinese state-backed hacking group responsible for the 2021 Microsoft Exchange Server attacks. Exploiting previously unknown vulnerabilities, the group compromised over 12,700 U.S. organizations (including defense contractors, law firms, think tanks, and infectious disease researchers) out of more than 60,000 targeted entities.
China has denied involvement, calling the charges fabricated and opposing Xu’s extradition. If convicted on all counts (including wire fraud, conspiracy to damage protected computers, and aggravated identity theft), Xu could face decades in prison.
The case is notable because most indicted state-sponsored hackers remain beyond U.S. legal reach, residing in countries without extradition agreements. Xu’s arrest highlights the risks for cyber operatives who travel to nations with such treaties. The incident also underscores the persistent threat of state-backed cyberespionage, particularly against critical research and infrastructure.
Source: https://www.bitdefender.com/en-us/blog/hotforsecurity/silk-typhoon-hacker-extradited-united-states
Texas Medical & Sleep Specialists cybersecurity rating report: https://www.rankiteo.com/company/texas-medical-&-sleep-specialists