Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks: A Landmark Case in Transnational Cyber Espionage
May 17, 2026
In a rare and significant breakthrough for international cyber law enforcement, a suspected Chinese state-sponsored contractor has been successfully extradited to the United States. Arriving in Houston, Texas, after being turned over by Italian authorities, the defendant faces a stringent federal indictment for orchestrating a series of major, pandemic-era digital intrusions. This cross-border legal action highlights growing Western cooperation in countering sophisticated, state-directed digital threats and marks one of the few instances where an alleged operative of a foreign intelligence network will face an American courtroom.
Italian authorities have handed over 34-year-old Chinese national Xu Zewei to the United States following his arrest in July 2025 at Malpensa Airport in Milan. Described by the Italian National Police as a "dangerous foreign hacker," Xu was on vacation with his wife when he was detained. He has since maintained his innocence, with his defense claiming his arrest is a case of mistaken identity. However, U.S. prosecutors allege that Xu operated as a prolific state-sponsored contract hacker under the direct supervision and control of intelligence officers from the Shanghai State Security Bureau (SSSB), a regional arm of China’s Ministry of State Security (MSS). To obscure the Chinese government's direct hand in global cyber espionage, Xu carried out these operations while employed at Shanghai Powerock Network Co. Ltd., a front company used by the PRC to hide its offensive cyber footprint. Xu is linked directly to the notorious state-backed threat group known as "Hafnium" or "Silk Typhoon."
Between February 2020 and June 2021, at the height of the global pandemic, Xu and his co-conspirator, 44-year-old Zhang Yu (who remains at large), executed a vast intrusion campaign. By exploiting critical zero-day vulnerabilities in Microsoft Exchange Server software, the group cast an incredibly wide net, targeting over 60,000 entities worldwide and successfully compromising more than 12,700 organizations in the United States alone. Acting on explicit orders from SSSB intelligence officers to target infectious disease experts, Xu successfully infiltrated networks belonging to immunologists, virologists, and universities—specifically confirming to his handlers on February 19, 2020, that he had breached a research university located in the Southern District of Texas—to exfiltrate proprietary data on COVID-19 vaccines, testing, and treatments. Furthermore, under the direction of the SSSB, Xu breached a global law firm with offices in Washington, D.C., using specific search terms like “MSS,” “Chinese sources,” and “HongKong” to harvest sensitive communications regarding American policymakers and government agencies.
Following his rare extradition over the weekend, Xu appeared in a federal court in Houston, Texas, where he pleaded not guilty to a nine-count criminal indictment. The charges include wire fraud, aggravated identity theft, and conspiracy to obtain information by unauthorized access to protected computers. Currently held at the Federal Detention Center in Houston, Xu faces a maximum penalty of several decades in prison if convicted on all counts. Assistant Attorney General for National Security John A. Eisenberg, alongside the FBI's Cyber Division, hailed the rare extradition as a major victory against China's state-directed cyber campaigns. Meanwhile, defense lawyers Simona Candido and Dan Cogdell, along with the Chinese Embassy in Washington, D.C., did not immediately respond to requests for comment, though Beijing's Foreign Ministry has sharply criticized the extradition, dismissing the allegations as fabricated, groundless smears.