A citizen of the People’s Republic of China, Xu Zewei, appeared in Houston federal court on April 27 following his extradition from Italy to face a nine-count indictment related to computer intrusions between February 2020 and June 2021.
The case is significant due to its connection with major cyberattacks, including the HAFNIUM campaign that targeted thousands of computers worldwide and U.S. COVID-19 research during the pandemic. The U.S. Attorney for the Southern District of Texas focuses on prosecuting federal crimes and handling civil cases for the government, according to the official website.
Xu, age 34, is accused alongside Zhang Yu in a series of intrusions allegedly directed by officers from China’s Ministry of State Security’s Shanghai State Security Bureau. Court documents allege Xu worked for Shanghai Powerock Network Co. Ltd., described as one among several Chinese companies enabling government-sponsored hacking operations.
“Today, Xu Zewei will stand in a federal courtroom to answer for crimes that struck at the heart of American science and security — allegedly stealing COVID-19 research from our universities when the world needed it most,” said Acting U.S. Attorney John G.E. Marck for the Southern District of Texas. “We have pursued this moment across years and continents, and the message this office sends today is the same one we sent when we first unsealed this indictment: we will work to protect the American people.”
Assistant Attorney General for National Security John A. Eisenberg said: “The United States is committed to pursuing hackers who steal information from U.S. businesses and universities and threaten our cybersecurity.” Assistant Director Brett Leatherman of the FBI's Cyber Division added: “Xu will now answer for his alleged role in HAFNIUM... He is one of many contractors the Chinese government uses to obscure its hand in cyber operations.”
According to court records, Xu targeted email accounts belonging to virologists and immunologists researching COVID‑19 at universities located within Texas' Southern District under direct supervision by SSSB officers. The charges also detail how he exploited vulnerabilities in Microsoft Exchange Server as part of a broader campaign publicly attributed by Microsoft and international partners to state-sponsored actors operating out of China.
Among those affected were another university within Texas’ Southern District as well as an international law firm with offices including Washington D.C., where web shells were installed allowing remote access and searches focused on topics such as "Chinese sources," "MSS," and "HongKong." In July 2025, officials described how networks like Powerock cast wide nets exploiting systems globally—sometimes selling stolen data not just back to PRC agencies but also third parties.
If convicted on all counts—including conspiracy, wire fraud, unauthorized computer access, intentional damage, identity theft—Xu faces up to decades in prison depending on sentencing outcomes per charge guidelines outlined by prosecutors.
The FBI’s Houston Field Office leads investigation efforts while Assistant U.S. Attorney S. Mark McIntyre prosecutes alongside Deputy Chief Matthew Anzaldi; Italian authorities assisted with arrest procedures abroad.
The U.S. Attorney for the Southern District of Texas has had notable leaders such as Alamdar Hamdani (2022–2025) among others listed on its official history page according to its official history page (https://www.justice.gov/usao-sdtx/former-leaders). Its jurisdiction covers Houston plus five other cities across forty-three counties serving over nine million residents employing more than two hundred attorneys according to details provided by their official website (https://www.justice.gov/usao-sdtx/about-us).
