A Chinese national has been arrested in Milan, Italy, on charges related to U.S. computer intrusions between February 2020 and June 2021. The individual, Xu Zewei, is accused of participating in the HAFNIUM campaign that compromised thousands of computers globally.
Xu was detained at the request of the United States as he arrived from China. He faces charges alongside Zhang Yu, another Chinese national, according to a nine-count indictment unsealed in November 2023. Both are alleged to have conducted computer intrusions under the direction of officers from China's Ministry of State Security's Shanghai State Security Bureau (SSSB).
Nicholas Ganjei, U.S. Attorney for the Southern District of Texas, stated: "The indictment alleges that Xu was hacking and stealing crucial COVID-19 research at the behest of the Chinese government while that same government was simultaneously withholding information about the virus and its origins."
John A. Eisenberg, Assistant Attorney General for the National Security Division, said: “This arrest underscores the United States’ patient and tireless commitment to pursuing hackers who seek to steal information belonging to U.S. companies and universities.”
Douglas Williams, FBI Houston Special Agent in Charge, commented: “While the world was reeling from a virus that originated in China, the Chinese government plotted to steal U.S. research critical to vaccine development.”
Court documents reveal Xu targeted U.S.-based universities and researchers working on COVID-19 vaccines early in 2020. The charges also allege Xu exploited vulnerabilities in Microsoft Exchange Server during late 2020 as part of a massive campaign known as HAFNIUM.
In March 2021, Microsoft disclosed this intrusion campaign by state-sponsored hackers from China. By July 2021, it was attributed to China's MSS by both international partners and private sector cybersecurity leaders.
Xu faces multiple charges, including wire fraud conspiracy, with potential prison terms of up to 20 years if convicted. Additional charges for unauthorized access offenses could carry up to five years or more.
Zhang remains at large; anyone with information is urged to contact authorities.
The FBI’s Houston Field Office leads this investigation, with prosecution by SDTX Assistant U.S. Attorneys S. Mark McIntyre and John Marck along with Deputy Chief Matthew Anzaldi from the National Security Cyber Section.
An indictment represents an accusation rather than evidence; defendants are presumed innocent until proven guilty through due process.