Italy Extradites Chinese Hacker Xu Zewei to the U.S. for COVID-19 Research Theft

Severity: High (Score: 74.0)

Sources: Thenews.Pk, www.justice.gov, Unn.Ua, attack.mitre.org, Ft

Summary

Xu Zewei, a 33-year-old Chinese national, was extradited from Italy to the United States on April 27, 2026, following his arrest in Milan on July 3, 2025. He is accused of participating in cyberattacks directed by the Chinese government, specifically targeting U.S. universities to steal COVID-19 research between February 2020 and June 2021. The U.S. Department of Justice has charged him with wire fraud, aggravated identity theft, and conspiracy related to a hacking campaign attributed to the Hafnium group. This group exploited vulnerabilities in Microsoft Exchange servers, affecting over 60,000 entities and successfully compromising more than 12,700. Xu's extradition comes after an Italian court ruled in favor of the U.S. request earlier in April 2026. The Chinese government has condemned the extradition, claiming it is politically motivated. Xu maintains his innocence, asserting he is a victim of mistaken identity.

Key Points:

  • Xu Zewei was extradited to the U.S. on charges related to COVID-19 research theft.
  • He is accused of being part of the Hafnium hacking group that targeted over 60,000 entities.
  • The Chinese government opposes the extradition, labeling the charges as politically motivated.

Key Entities

  • Hafnium (apt_group)
  • Silk Typhoon (apt_group)
  • Data Breach (attack_type)
  • Malware (attack_type)
  • Hafnium Campaign (campaign)
  • China (country)
  • Iran (country)
  • Italy (country)
  • United States (country)
  • informatica.la (domain)
  • internazionale.it (domain)
  • statunitensi.il (domain)
  • Education (company)
  • Azure (company)
  • ASPXSpy (malware)
  • China Chopper (malware)
  • Simpleseesharp (malware)
  • Sportsball (malware)
  • T1003.003 - NTDS (mitre_attack)
  • T1003 - OS Credential Dumping (mitre_attack)
  • T1033 - System Owner/User Discovery (mitre_attack)
  • T1041 - Exfiltration Over C2 Channel (mitre_attack)
  • T1057 - Process Discovery (mitre_attack)
  • GitHub (platform)
  • Microsoft Exchange (platform)
  • Microsoft Exchange Server (platform)
  • Office 365 (platform)
  • SharePoint (platform)
  • OneDrive (tool)
  • 7-Zip (tool)
  • Covenant (tool)
  • Nishang (tool)
  • PowerCat (tool)