Chinese Silk Typhoon Hacker Extradited to US from Italy
Key Takeaways
- A Chinese national, Xu Zewei, accused of state-sponsored hacking as part of the “Silk Typhoon” (HAFNIUM) group, has been extradited from Italy to the U.S.
- Xu faces a nine-count federal indictment for intrusions between February 2020 and June 2021, targeting U.S. organizations, including COVID-19 researchers and legal firms.
- The alleged operations were directed by China’s Ministry of State Security (MSS) and conducted through a private technology firm, Shanghai Powerock Network Co. Ltd. (Powerock).
- The campaign involved exploiting Microsoft Exchange Server vulnerabilities and deploying web shells for persistent access, impacting over 12,700 U.S. entities.
A Chinese national, implicated in a prominent state-sponsored cyber espionage campaign, has been successfully extradited from Italy to the United States to face federal charges.
Xu Zewei, 34, a citizen of the People’s Republic of China, arrived in the U.S. over the recent weekend and made his initial appearance in U.S. District Court in Houston, Texas, on April 27, 2026. He is currently facing a nine-count federal indictment detailing a series of computer intrusions.
These alleged cyber operations occurred between February 2020 and June 2021, a period coinciding with the global COVID-19 pandemic and the emergence of the notorious HAFNIUM hacking group. The indictment against Xu Zewei is available for review in the court documents.
State-Sponsored Cyber Espionage
The alleged activities of Xu Zewei transcend typical cybercrime. Court filings indicate that officers from China’s Ministry of State Security (MSS), specifically its Shanghai State Security Bureau (SSSB), directly orchestrated Xu’s intrusions. At the time of these operations, Xu was employed by Shanghai Powerock Network Co. Ltd. (Powerock), a private Chinese technology firm. Prosecutors contend that Powerock is one of several “enabling” companies utilized by the Chinese government to mask its direct involvement in sophisticated cyber operations.
This model, where Beijing contracts private entities for espionage, has become a recognized pattern in Chinese state-sponsored cyber activity. The U.S. Department of Justice (DOJ) explicitly linked Xu’s alleged hacking to the core activities of the HAFNIUM campaign, a group now widely identified within the cybersecurity community as Silk Typhoon. The DOJ’s press release on the extradition provides additional details on the case.
The HAFNIUM campaign is credited with compromising over 12,700 U.S. organizations across diverse sectors, including academic institutions, legal services, and government-affiliated entities. Brett Leatherman, Assistant Director of the FBI Cyber Division, emphasized that this extradition demonstrates the FBI’s extensive global reach, issuing a clear warning that individuals conducting similar operations on behalf of China will face prosecution.
Targeting COVID-19 Research
Beginning in early 2020, Xu and his co-conspirators prioritized U.S.-based universities, virologists, and immunologists actively engaged in critical research concerning COVID-19 vaccines, treatments, and testing methodologies. On or around February 19, 2020, Xu reportedly confirmed to an SSSB officer that he had successfully breached the network of a research university located in the Southern District of Texas. Days later, this officer allegedly instructed Xu to access specific email accounts belonging to scientists involved in COVID-19 research. Xu subsequently confirmed the exfiltration of the complete contents of these researchers’ mailboxes, reporting his success to his SSSB handlers.