Who Is Xu Zewei? 33-Year-Old Chinese Hacker Arrested in Italy for COVID-19 Research Espionage Using Microsoft Server Exploit
In a major move against cybercrime, U.S. officials have confirmed the arrest of 33-year-old Chinese national Xu Zewei in Milan, Italy, on July 3. The arrest was made after a long investigation into cyberattacks targeting COVID-19 research in the U.S. Xu is accused of working with another Chinese citizen, Zhang Yu, 44, who is still at large. Both are believed to have acted on behalf of China’s Ministry of State Security (MSS).
Xu reportedly led hacking efforts for Shanghai Powerock Network Co. Ltd., a company tied to the Chinese government. U.S. prosecutors say he targeted American universities, scientists, and research labs that were developing COVID-19 vaccines and treatments in early 2020.
Court documents state that Xu worked under the Shanghai State Security Bureau (SSSB), part of the MSS. He allegedly broke into the systems of U.S. institutions by exploiting vulnerabilities in Microsoft Exchange Server. This hacking operation is part of a larger cyber-espionage campaign known as “HAFNIUM,” which affected over 12,700 organizations around the world, including law firms and research centers.
One major target was a university in Texas, where Xu reportedly confirmed to Chinese officials that he had accessed scientists’ email accounts.
American authorities are calling this a clear case of state-sponsored cyber theft. “We will not tolerate foreign governments stealing from our institutions,” said Assistant Attorney General John Eisenberg. U.S. Attorney Nicholas Ganjei also stated that justice was long overdue in this case.
Xu is currently awaiting extradition to the U.S., where he will face formal charges. The FBI continues to search for Zhang Yu and asks anyone with information to come forward. While Xu has been charged, he is presumed innocent until proven guilty in court.