In a significant development in international cybersecurity, a Chinese national named Xu Zewei was arrested at Milan Malpensa Airport on July 3, 2025, under a warrant issued by the U.S. government. Italian police apprehended Xu, aged 33 and residing in Shanghai, as he was reportedly on holiday with his wife. This arrest is linked to espionage activities that targeted COVID-19 vaccine research and sensitive U.S. government data.
Xu faces nine charges including wire fraud, aggravated identity theft, conspiracy, and unauthorized access to protected computers. Together, the charges carry a potential sentence of up to 32 years in prison, reflecting the gravity of the allegations. The case is ongoing and remains subject to extradition proceedings in Milan’s appeal court. Xu has denied all allegations, suggesting possible confusion involving stolen credentials or mistaken identity. His defense attorney, Enrico Giarda, contends that Xu is merely a technician on vacation, not a hacker.
U.S. authorities have connected Xu to Hafnium, also known as Silk Typhoon, a purported Chinese state-linked hacking group responsible for a widespread cyber espionage campaign targeting U.S. COVID-19 vaccine research institutions between 2020 and 2021. These attacks exploited zero-day vulnerabilities in Microsoft Exchange servers, affecting thousands of computers across the globe. The hacking campaign aimed to pilfer sensitive U.S. government policy and data related to infrastructure, with direction believed to stem from China’s Ministry of State Security. Xu is contesting the legality of his extradition before the appeal court in Milan.
Furthermore, the U.S. Department of Justice has indicated that Xu’s alleged group operated under the auspices of the People’s Republic of China intelligence agencies. He was previously employed by Shanghai Powerock Network Co. Ltd., a private company purported to facilitate cyber intrusions on behalf of the Chinese government.
The incident emphasizes not only the challenges posed by global cyber threats but also the intricate geopolitical dynamics at play between nations in the domain of cybersecurity.