U.S. universities: Italy extradites alleged Chinese state hacker to US

Chinese National Extradited to U.S. Over Alleged State-Backed Cyberattacks on COVID-19 Research

A Chinese national, Xu Zewei, was extradited from Milan to the U.S. on Saturday after Italian authorities arrested him in July 2025. Xu faces charges of wire fraud, aggravated identity theft, and unauthorized access to protected computers, linked to his alleged role in a Chinese state-backed hacking group.

U.S. officials accuse Xu of participating in cyber intrusions between February 2020 and June 2021, including the widespread HAFNIUM (Silk Typhoon) attacks that compromised thousands of systems globally. The group, allegedly directed by China’s Ministry of State Security (MSS) and Shanghai State Security Bureau (SSSB), targeted U.S. universities, immunologists, and virologists working on COVID-19 vaccine research. Court documents claim Xu breached a Texas university’s network and reported findings to SSSB supervisors.

The HAFNIUM campaign, which exploited vulnerabilities in Microsoft Exchange Servers, affected over 60,000 U.S. entities, with more than 12,700 successfully compromised, according to the FBI. Xu’s alleged co-conspirator, Zhang Yu, remains at large.

Xu, who denies involvement, was detained while vacationing in Milan with his wife. His extradition drew criticism from China’s Foreign Ministry. If convicted on all charges, he faces up to 77 years in prison. The case underscores ongoing tensions over state-sponsored cyber espionage targeting critical research and infrastructure.

Source: https://therecord.media/chinese-hacker-italy-extradited

U.S.-China Economic and Security Review Commission cybersecurity rating report: https://www.rankiteo.com/company/u.s.-china-economic-and-security-review-commission

"id": "U.S1777308160",
"linkid": "u.s.-china-economic-and-security-review-commission",
"type": "Cyber Attack",
"date": "7/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Education/Research',
                        'location': 'Texas, USA',
                        'name': 'Texas university (unspecified)',
                        'type': 'University'},
                       {'industry': 'Education/Research, Healthcare',
                        'location': 'USA',
                        'name': 'U.S. universities, immunologists, and '
                                'virologists',
                        'type': 'Multiple entities'}],
 'attack_vector': 'Exploitation of Microsoft Exchange Server vulnerabilities',
 'data_breach': {'data_exfiltration': 'Yes',
                 'personally_identifiable_information': 'Yes (aggravated '
                                                        'identity theft '
                                                        'charges)',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['COVID-19 vaccine research',
                                              'Intellectual property']},
 'description': 'A Chinese national, Xu Zewei, was extradited from Milan to '
                'the U.S. after being arrested in July 2025. Xu faces charges '
                'of wire fraud, aggravated identity theft, and unauthorized '
                'access to protected computers, linked to his alleged role in '
                'a Chinese state-backed hacking group. The group targeted U.S. '
                'universities, immunologists, and virologists working on '
                'COVID-19 vaccine research, exploiting vulnerabilities in '
                'Microsoft Exchange Servers as part of the HAFNIUM (Silk '
                'Typhoon) attacks.',
 'impact': {'data_compromised': 'COVID-19 vaccine research data, intellectual '
                                'property',
            'identity_theft_risk': 'Aggravated identity theft',
            'operational_impact': 'Unauthorized access to protected computers '
                                  'and networks',
            'systems_affected': 'Over 60,000 U.S. entities, with 12,700 '
                                'successfully compromised'},
 'initial_access_broker': {'entry_point': 'Microsoft Exchange Server '
                                          'vulnerabilities',
                           'high_value_targets': 'Universities, immunologists, '
                                                 'virologists'},
 'investigation_status': 'Ongoing (Xu extradited, co-conspirator Zhang Yu at '
                         'large)',
 'motivation': ['Theft of COVID-19 vaccine research',
                'Intellectual property theft',
                'State-sponsored espionage'],
 'post_incident_analysis': {'root_causes': 'Exploitation of unpatched '
                                           'Microsoft Exchange Server '
                                           'vulnerabilities, state-sponsored '
                                           'cyber espionage'},
 'references': [{'source': 'U.S. Department of Justice'}, {'source': 'FBI'}],
 'regulatory_compliance': {'legal_actions': 'Wire fraud, aggravated identity '
                                            'theft, unauthorized access to '
                                            'protected computers'},
 'response': {'law_enforcement_notified': 'FBI involved'},
 'threat_actor': ['HAFNIUM (Silk Typhoon)',
                  'Ministry of State Security (MSS)',
                  'Shanghai State Security Bureau (SSSB)'],
 'title': 'Chinese National Extradited to U.S. Over Alleged State-Backed '
          'Cyberattacks on COVID-19 Research',
 'type': ['Cyber Espionage', 'State-Sponsored Attack'],
 'vulnerability_exploited': 'Microsoft Exchange Server vulnerabilities '
                            '(HAFNIUM campaign)'}