A man accused of launching cyberattacks on behalf of the Chinese government has been extradited to the United States and is being held in Houston, Texas, awaiting trial. According to charges previously announced by the U.S. Department of Justice, the man, Xu Zewei, is accused of serving as an outsourcing contractor for the Chinese Ministry of National Security and participating in a series of hacking operations against U.S. targets.

Prosecutors said that Xu Zewei and his accomplice Zhang Yu targeted a number of American universities in early 2020 in an attempt to steal scientific research related to the novel coronavirus epidemic. In addition, the two are accused of using previously unknown security vulnerabilities in Microsoft Exchange mail servers to launch large-scale intrusions into thousands of servers around the world starting in March 2021. U.S. security agencies attributed the operation to the Chinese-backed hacking group "Hafnium," later dubbed "Silk Typhoon."

Xu Zewei was arrested by local police in Italy last year after the United States issued a request. His Italian defense lawyer Simona Candido confirmed that Xu had been extradited to the United States on Saturday and was currently being held at a federal detention center in Houston. According to the official website of the U.S. Federal Bureau of Prisons, a man with the same name is indeed detained at the center.

According to court records, Xu Zewei’s lawyer in the United States, Dan Cogdell, is expected to appear in court in Houston for a hearing in the case on Monday. Cogdell told the media that he only learned of the trial arrangement earlier on Monday. Angela Dodge, a spokesperson for the U.S. Attorney's Office for the Southern District of Texas, which is responsible for prosecuting the case, confirmed that she had received the reporter's emailed interview request but has not yet responded to specific questions about the case.

When the U.S. Department of Justice initially announced criminal charges against Xu Zewei and others, it said that Xu worked for "Shanghai Panshi Network Technology", a company located in Shanghai, China. Prosecutors said the company provided "hacking services" to the Chinese government and that Xu and his associates reported their cyberattacks directly to Chinese officials in Shanghai. In the Microsoft Exchange vulnerability incident, security researchers believe that the hackers involved used "zero-day vulnerabilities" to conduct large-scale scans and attacks on servers running the email system. Targets included U.S. defense contractors, law firms, think tanks, and infectious disease research institutions. Prosecutors alleged that the "Hafnium" group targeted more than 60,000 U.S. institutions, of which more than 12,700 were successfully compromised.

The Chinese Embassy in Washington has not yet responded to requests for comment on the case itself and the U.S. accusations. The Financial Times previously reported that China’s Ministry of Foreign Affairs opposed Italy’s extradition of Xu Zewei to the United States and accused the United States of “fabricating the facts of the case.”

In recent years, the U.S. government has continued to announce criminal charges against a number of hackers suspected of having ties to the Chinese government, but most of them remain overseas and have not been brought before U.S. courts for trial. In 2022, a Chinese citizen named Xu Yanjun was sentenced to 20 years in prison in the United States for engaging in cyber espionage. At the time, the U.S. Department of Justice said this was the first case in which a Chinese government intelligence official was extradited to the United States and ultimately sentenced. The Xu Zewei case is now regarded by outside observers as another landmark case in the United States' handling of cross-border cybercrime and national security, and the progress of the trial will continue to receive widespread attention.