A Chinese hacker named Xu Zewei has been arrested in Italy after U.S. authorities accused him of being involved in state-sponsored cyberattacks targeting American institutions. He was taken into custody on July 3, 2025, at Milan’s Malpensa Airport, just before he was to board a flight. The arrest was made at the request of the U.S. Department of Justice (DOJ) under a federal warrant.

Xu is 33 years old and works in the IT field. According to U.S. officials, he is not just a regular hacker but is connected to China’s Ministry of State Security (MSS). They claim he worked through a contractor company called Shanghai Powerock, which has been linked to China’s cyber intelligence operations. He is believed to be part of the Silk Typhoon group, also known as HAFNIUM, a hacking group previously tied to major cyberattacks across the globe.
Between February 2020 and June 2021, Xu and his associates reportedly carried out a series of hacking operations that targeted U.S. universities, businesses, and government systems. One of the biggest targets was a Texas-based university, where hackers gained unauthorized access to the email accounts of virologists and immunologists to steal valuable COVID-19 research during the peak of the pandemic.

The U.S. Justice Department has charged Xu in a nine-count indictment filed in the Southern District of Texas. The charges include wire fraud, aggravated identity theft, and conspiracy to access protected computers without authorization. The investigation also found that Xu was involved in a 2021 operation in which hackers took advantage of flaws in Microsoft Exchange servers. These flaws allowed them to plant malicious software known as web shells, which gave them long-term access to thousands of systems worldwide.
The hacking activity didn’t just stop at educational institutions. Xu is also accused of targeting a law firm in Washington, D.C., and several U.S. businesses. U.S. authorities say these attacks were not random but part of a bigger strategy to collect confidential data for China’s benefit. The stolen data included trade secrets, sensitive communications, and medical research data that could be used by the Chinese government or private firms aligned with it.
Another man, Zhang Yu, aged 44, was named as a co-defendant in the case, but he is still on the run. The DOJ believes both men operated as part of a broader network of state-backed contractors helping China carry out cyberespionage on a global scale.
Xu is currently being held in Italy as the court reviews the U.S. request for extradition. He appeared before an Italian judge earlier this week. His defense lawyer claimed it was a case of mistaken identity, saying someone else used Xu’s name and SIM card. However, U.S. prosecutors believe they have strong digital evidence directly linking Xu to the attacks.
This arrest is part of a bigger effort by the U.S. and its allies to push back against growing threats from state-sponsored cybercriminals. The case highlights how hackers are now targeting critical infrastructure, healthcare data, and academic research, especially during vulnerable times like the COVID-19 pandemic.
Government officials and cybersecurity experts say this case sends a strong message to foreign hackers and their sponsors. However, some also point out that while these arrests are important, they may not fully stop the wave of cyberattacks unless there is broader international cooperation and stricter cyber laws.
This incident adds to the already tense relationship between the U.S. and China over cybersecurity, trade, and national security issues. As the legal case moves forward, Xu Zewei could face serious prison time if extradited and convicted in the United States.
Stay alert, and keep your security measures updated!

