Chinese Silk Typhoon Hacker Extradited to US from Italy


Marcus Rodriguez
April 28, 2026

Key Takeaways

  • A Chinese national, Xu Zewei, accused of state-sponsored hacking as part of the “Silk Typhoon” (HAFNIUM) group, has been extradited from Italy to the U.S.
  • Xu faces a nine-count federal indictment for intrusions between February 2020 and June 2021, targeting U.S. organizations, including COVID-19 researchers and legal firms.
  • The alleged operations were directed by China’s Ministry of State Security (MSS) and conducted through a private technology firm, Shanghai Powerock Network Co. Ltd. (Powerock).
  • The campaign involved exploiting Microsoft Exchange Server vulnerabilities and deploying web shells for persistent access, impacting over 12,700 U.S. entities.

A Chinese national, implicated in a prominent state-sponsored cyber espionage campaign, has been successfully extradited from Italy to the United States to face federal charges.

Xu Zewei, 34, a citizen of the People’s Republic of China, arrived in the U.S. over the recent weekend and made his initial appearance in U.S. District Court in Houston, Texas, on April 27, 2026. He is currently facing a nine-count federal indictment detailing a series of computer intrusions.

These alleged cyber operations occurred between February 2020 and June 2021, a period coinciding with the global COVID-19 pandemic and the emergence of the notorious HAFNIUM hacking group. The indictment against Xu Zewei is available for review in the court documents.

State-Sponsored Cyber Espionage

The alleged activities of Xu Zewei transcend typical cybercrime. Court filings indicate that officers from China’s Ministry of State Security (MSS), specifically its Shanghai State Security Bureau (SSSB), directly orchestrated Xu’s intrusions. At the time of these operations, Xu was employed by Shanghai Powerock Network Co. Ltd. (Powerock), a private Chinese technology firm. Prosecutors contend that Powerock is one of several “enabling” companies utilized by the Chinese government to mask its direct involvement in sophisticated cyber operations.

This model, where Beijing contracts private entities for espionage, has become a recognized pattern in Chinese state-sponsored cyber activity. The U.S. Department of Justice (DOJ) explicitly linked Xu’s alleged hacking to the core activities of the HAFNIUM campaign, a group now widely identified within the cybersecurity community as Silk Typhoon. The DOJ’s press release on the extradition provides additional details on the case.

The HAFNIUM campaign is credited with compromising over 12,700 U.S. organizations across diverse sectors, including academic institutions, legal services, and government-affiliated entities. Brett Leatherman, Assistant Director of the FBI Cyber Division, emphasized that this extradition demonstrates the FBI’s extensive global reach, issuing a clear warning that individuals conducting similar operations on behalf of China will face prosecution.

Targeting COVID-19 Research

Beginning in early 2020, Xu and his co-conspirators prioritized U.S.-based universities, virologists, and immunologists actively engaged in critical research concerning COVID-19 vaccines, treatments, and testing methodologies. On or around February 19, 2020, Xu reportedly confirmed to an SSSB officer that he had successfully breached the network of a research university located in the Southern District of Texas. Days later, this officer allegedly instructed Xu to access specific email accounts belonging to scientists involved in COVID-19 research. Xu subsequently confirmed the exfiltration of the complete contents of these researchers’ mailboxes, reporting his success to his SSSB handlers. Further details on these specific incidents are available in the
