A Chinese national identified as Xu Zewei, alleged to be associated with the Silk Typhoon hacking group, has been arrested and transferred to the United States from Italy following cyber espionage charges. The case involves accusations of coordinated cyber intrusions targeting American institutions, including universities and government-linked research bodies, during the early years of the COVID-19 pandemic. Authorities state the activity focused heavily on stealing sensitive vaccine and medical research data between February 2020 and June 2021.
According to U.S. legal filings, Xu Zewei, aged 34, was arrested by Italian authorities in July 2025 over alleged involvement in state-linked cyber operations attributed to Chinese threat actors. The accusations state that he worked alongside co-defendant Zhang Yu under direction from the Ministry of State Security's Shanghai State Security Bureau. The operations reportedly included exploitation of vulnerabilities in Microsoft Exchange Server systems, activity that was widely tracked under the threat cluster known as Hafnium. These exploits allowed attackers to gain unauthorized access to email servers, deploy web shells, and maintain remote control over compromised systems. The U.S. Department of Justice has stated that the attacks specifically targeted immunologists, virologists, and research institutions involved in COVID-19 vaccine development, testing, and treatment studies.
Investigators further allege that Xu was employed by Shanghai Powerock Network Co. Ltd. during the period of the cyber intrusions. This company has been described in the indictment as one of several enabling entities within China that allegedly supported cyber operations linked to state objectives. The Department of Justice has claimed that such companies provided technical infrastructure and operational support for hacking activities directed at foreign targets. The indictment includes nine counts, ranging from wire fraud to conspiracy to cause damage through unauthorized access to protected computer systems, along with aggravated identity theft charges. These charges reflect a broader legal framework used by U.S. authorities to address cross-border cyber intrusions affecting critical infrastructure and sensitive research environments.
The allegations also state that the group engaged in systematic targeting of U.S.-based universities and healthcare-related research networks during the height of global COVID-19 response efforts. Officials claim that the objective was to obtain proprietary scientific data and gain early access to vaccine-related developments. Beginning in late 2020, the exploitation of Microsoft Exchange Server vulnerabilities intensified, enabling attackers to scale their access across multiple organizations. Xu Zewei has denied any involvement in government-directed hacking operations, asserting through legal representation that his presence in Milan at the time of the arrest was purely for personal travel with his spouse and that he is a victim of mistaken identity. During court proceedings, he entered a not guilty plea. Co-defendant Zhang Yu has not been located as legal proceedings continue in the United States following the transfer from Italy.





