A Chinese national accused of working at the direction of China’s state intelligence agency to infiltrate American networks and steal COVID-19 research has been arrested in Italy on a U.S. warrant.

Xu Zewei, 33, was detained at Milan’s international airport as he arrived on a flight from China, following a sealed indictment filed in Texas in 2023 and recently made public.

Federal prosecutors allege that Xu, alongside 44-year-old Zhang Yu, engaged in a wide-ranging cyberattack campaign between February 2020 and June 2021, orchestrated under the guidance of China’s Ministry of State Security (MSS) and its Shanghai State Security Bureau (SSSB).

Their operations included hacking major U.S. institutions, exploiting vulnerabilities in Microsoft Exchange servers, and targeting academic and health research centers during the peak of the COVID-19 pandemic.

Authorities say Xu worked for Shanghai Powerock Network Co. Ltd., a private contractor that allegedly functioned as a front for state-sponsored cyber espionage.

His role reportedly involved compromising networks and providing stolen data directly to MSS handlers.

One notable operation cited in the indictment involved Xu confirming, on February 19, 2020, the breach of a major research university’s systems.

Days later, under SSSB orders, he allegedly extracted emails and data from top virologists working on COVID-19 vaccines and treatment research.

Xu and his co-conspirators are also linked to the now-infamous “HAFNIUM” hacking campaign, where Microsoft Exchange Server vulnerabilities were exploited on a global scale.

U.S. officials say the intrusion affected thousands of systems worldwide, including law firms and policy institutions in Washington, D.C., with hackers searching mailboxes using terms like “Chinese sources,” “MSS,” and “Hong Kong.”

Federal officials have described the campaign as reckless and indiscriminate.

“The Southern District of Texas has been waiting years to bring Xu to justice,” said U.S. Attorney Nicholas Ganjei.

“Even if it takes years, we will track hackers down and make them answer for their crimes.”

Xu faces multiple federal charges, including wire fraud, computer fraud, identity theft, and conspiracy. If convicted, he could serve up to 20 years for wire fraud alone, with additional penalties for other charges, including a mandatory two-year sentence for identity theft.

Meanwhile, Zhang remains at large. The FBI is urging anyone with information about his location to contact 1-800-CALL-FBI.

The case is being prosecuted by Assistant U.S. Attorneys S. Mark McIntyre and John Marck, along with officials from the Justice Department’s National Security Division.

Earlier, Legit.ng reported that the United States had begun a large-scale deportation operation affecting over 1.4 million noncitizens, as the Trump administration moves forward with its immigration crackdown.

The deportations, targeting individuals with final removal orders, span more than 150 countries, making this one of the most extensive removal efforts in U.S. history.

PAY ATTENTION: Сheck out news that is picked exactly for YOU ➡️ find the “Recommended for you” block on the home page and enjoy!

Source: Legit.ng