Chinese government hacker extradited to US faces over a decade in prison

A man accused of conducting cyberattacks for China’s government has been extradited from Italy to the United States, where he faces more than 10 years in prison if convicted. The case marks another significant step in US efforts to prosecute foreign hackers targeting American institutions and infrastructure.

The extradition comes as tensions between the US and China over cybersecurity continue to escalate, with American prosecutors increasingly pursuing criminal charges against suspected state-sponsored hackers. The case highlights the ongoing threat posed by nation-state actors targeting critical research and infrastructure.

According to TechCrunch, Xu Zewei was arrested in Italy last year at the request of US authorities and extradited to the United States on Saturday. He is now being held at the Federal Detention Center in Houston, Texas. During a Monday court hearing, Xu pleaded not guilty to all charges through his US attorney, Dan Cogdell.

The Justice Department alleges that Xu worked as a contractor for China’s Ministry of State Security, conducting cyberattacks through Shanghai Powerock Network, a Chinese company that prosecutors say carried out hacking operations for Beijing. Prosecutors claim Xu and his co-conspirator Zhang Yu specifically targeted several US universities in early 2020 to steal research related to the COVID-19 pandemic.

The charges also connect Xu to a massive cyberattack campaign that began in March 2021. Prosecutors allege he was part of the Chinese-backed hacking group known as Hafnium, later called Silk Typhoon, which exploited previously unknown security flaws in Microsoft Exchange servers. This “indiscriminate” campaign had staggering scope:

  • More than 60,000 entities in the US were targeted
  • Over 12,700 organizations were successfully compromised
  • Victims included defense contractors, law firms, think tanks, and infectious disease researchers

The scale of this attack demonstrates how state-sponsored hacking groups can cause widespread damage by targeting commonly used software infrastructure. Microsoft Exchange servers are widely deployed across American organizations, making them attractive targets for mass exploitation campaigns.

China has pushed back against the charges and extradition. The Financial Times reported that China’s Foreign Ministry opposed Xu’s extradition and accused the US government of “fabricating cases.” The Chinese Embassy in Washington did not respond to requests for comment.

This case is part of a broader pattern of US prosecutions targeting suspected Chinese hackers, though many remain beyond American jurisdiction. In 2022, Yanjun Xu was sentenced to 20 years in prison for hacking crimes, in what the Justice Department called the first case in which a Chinese government intelligence officer had been extradited to the United States.

The successful extradition of Xu Zewei shows how international cooperation can help bring alleged cybercriminals to justice, even when they operate across borders. However, the vast majority of state-sponsored hackers remain in countries that don’t extradite to the US, limiting the deterrent effect of such prosecutions.