Nation-state | Apr 28, 2026

Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks

Chinese Silk Typhoon hacker extradited to U.S. for COVID-19 vaccine theft cyberattacks.

Summary

Xu Zewei, 34, a Chinese national linked to the state-sponsored Silk Typhoon group, was extradited from Italy to the U.S. to face charges for orchestrating cyberattacks against American universities, government agencies, and research organizations between February 2020 and June 2021, including theft of COVID-19 vaccine research from a Texas university. Some of the attacks exploited what were then zero-day vulnerabilities in Microsoft Exchange Server, activity that Microsoft tracked under the name Hafnium (the cluster it now calls Silk Typhoon), and were allegedly directed by China's Ministry of State Security. Xu has pleaded not guilty and claims mistaken identity, while his co-defendant Zhang Yu remains at large.

Full text

Ravie Lakshmanan | Apr 28, 2026 | Cyber Espionage / Vulnerability

A Chinese national accused of being a member of the Silk Typhoon hacking group has been extradited to the U.S. from Italy.

Xu Zewei, 34, was arrested in July 2025 by Italian authorities for his alleged links to the Chinese state-sponsored threat group and for orchestrating cyber attacks against American organizations and government agencies between February 2020 and June 2021, including breaking into systems at a Texas university to steal COVID-19 vaccine information.

He was charged with nine counts of wire fraud and conspiracy to cause damage to and obtain information by unauthorized access to protected computers, as well as committing aggravated identity theft.

Xu, along with co-defendant and Chinese national Zhang Yu, is said to have undertaken the attacks under directions issued by the Ministry of State Security's (MSS) Shanghai State Security Bureau (SSSB). Some of these attacks weaponized what were then zero-day vulnerabilities in Microsoft Exchange Server, activity that Microsoft tracked as Hafnium (the cluster it now calls Silk Typhoon), to breach targets and deploy web shells for remote administration.

Xu worked for a company named Shanghai Powerock Network Co. Ltd. when the attacks were carried out, per the indictment. The U.S. Department of Justice (DoJ) said Powerock was one of many "enabling" companies in China that conducted hacking operations for the government.

"In early 2020, Xu and his co-conspirators hacked and otherwise targeted U.S.-based universities, immunologists, and virologists conducting research into COVID‑19 vaccines, treatment, and testing," the DoJ added. "The charges further allege that beginning in late 2020, Xu and his co-conspirators exploited certain vulnerabilities in Microsoft Exchange Server, a widely-used Microsoft product for sending, receiving, and storing email messages."

However, the defendant has repeatedly denied any involvement in Chinese government hacking operations, claiming his arrest was a case of mistaken identity. He was in Milan with his wife on vacation when he was apprehended.

Speaking to TechCrunch, Xu's lawyer said he pleaded not guilty to all charges during a court hearing on Monday. Zhang Yu remains at large.

Entities

Silk Typhoon (threat_actor)
Xu Zewei (threat_actor)
Zhang Yu (threat_actor)
Microsoft (vendor)
Microsoft Exchange Server (product)