Chinese Man Accused of Cyberattacks on U.S. Extradited to Houston for Trial
A man accused of launching cyberattacks on behalf of the Chinese government has been extradited to the United States and is currently detained in Houston, Texas, awaiting trial. According to previous indictments from the U.S. Department of Justice, the man, identified as Xu Zewei, allegedly worked as a contractor for China’s Ministry of State Security and participated in a series of hacking operations targeting U.S. entities.

Prosecutors allege that Xu Zewei and his accomplice, Zhang Yu, targeted multiple U.S. universities starting in early 2020, attempting to steal research related to COVID-19. Additionally, the two are accused of launching a large-scale intrusion campaign against tens of thousands of servers worldwide, starting in March 2021, exploiting previously unknown security vulnerabilities in Microsoft Exchange email servers. This operation was attributed by U.S. security agencies to the China-backed hacking group “Hafnium,” later also known as “Silk Typhoon.”
Following a request from the U.S. side, Xu Zewei was arrested by local police in Italy last year. His Italian defense attorney, Simona Candido, confirmed that Xu was extradited to the U.S. last Saturday and is currently being held at a federal detention center in Houston. According to information on the U.S. Federal Bureau of Prisons website, a man with the same name is indeed being held at that facility.
According to court records, Xu Zewei’s U.S. attorney, Dan Cogdell, is scheduled to appear in Houston for a hearing on Monday this week. Cogdell told the media that he only learned of the court arrangement earlier Monday. Angela Dodge, a spokesperson for the U.S. Attorney’s Office for the Southern District of Texas, which is prosecuting the case, confirmed receiving interview requests from reporters but has not yet responded to specific questions about the case.
When it initially announced criminal charges against Xu Zewei and others, the U.S. Department of Justice stated that Xu had previously worked for a Shanghai-based company called “Shanghai Panstone Network Technology.” Prosecutors claim that the company provided “hacking services” to the Chinese government and that Xu and his accomplices reported details of cyberattacks directly to Chinese officials stationed in Shanghai. In the Microsoft Exchange vulnerability incident, security researchers believe that the hackers used a “zero-day exploit” to scan and attack, on a large scale, servers running the email system, targeting U.S. defense contractors, law firms, think tanks, and infectious disease research institutions, among others. Prosecutors allege that the “Hafnium” organization targeted over 60,000 U.S. entities, successfully infiltrating more than 12,700 of them.
Regarding the case itself and the U.S. accusations, the Chinese Embassy in Washington has not yet responded to requests for comment. The Financial Times previously reported that the Chinese Foreign Ministry opposed Italy’s extradition of Xu Zewei to the U.S., accusing the U.S. side of “fabricating evidence.”
In recent years, the U.S. government has repeatedly announced criminal charges against several hackers suspected of being linked to the Chinese government, but most remain abroad and have not been brought to trial in U.S. courts. In 2022, a Chinese citizen named Xu Yanjun was sentenced to 20 years in prison in the U.S. for engaging in cyber espionage. At the time, the U.S. Department of Justice said it was the first case of a Chinese government intelligence officer being extradited to the U.S. and ultimately convicted. The Xu Zewei case is now seen by outside observers as another landmark in the U.S.’s contest over cross-border cybercrime and national security, and the subsequent trial proceedings will continue to receive widespread attention.