Chinese National Arrested in Milan on U.S. Warrant for Allegedly Hacking COVID-19 Research

Published on July 08, 2025
Source: Wikipedia/U.S. Air Force photo by Airman 1st Class Gustavo Castillo, Public domain, via Wikimedia Commons

In a significant development on the cybercrime front, 33-year-old Chinese national Xu Zewei has been arrested in Milan, Italy, on a U.S. warrant for his alleged involvement in a string of computer intrusions. He was taken into custody as he stepped off a plane arriving from China. According to the U.S. Attorney's Office for the Southern District of Texas, the arrest is linked to the HAFNIUM campaign, which targeted thousands of computers globally between February 2020 and June 2021.

The accusations against Xu and his co-conspirator, 44-year-old Zhang Yu, who remains at large, span a nine-count indictment that was returned in November 2023. It charges them with conducting operations under the direction of the Shanghai State Security Bureau (SSSB), an arm of the People's Republic of China's Ministry of State Security (MSS), accused by the indictment of being behind intrusions into U.S. cybersecurity systems. The indictment alleges that the MSS and SSSB are PRC intelligence services responsible for the PRC's domestic counterintelligence, non-military foreign intelligence, and aspects of the PRC's political and domestic security.

The alleged conduct, hacking and stealing critical COVID-19 research at a time when the PRC government withheld virus information from the world, took place during the global struggle against the pandemic, according to the U.S. Attorney's Office, which stated: "The Southern District of Texas has been waiting years to bring Xu to justice and that day is nearly at hand."

Xu's alleged cybercrimes involved targeting U.S.-based universities and prominent immunologists and virologists working on COVID-19 vaccines, treatments, and tests. A court document detailed that their activities were reported to officers in the SSSB who were supervising and directing the hacking operations. "The indictment alleges that Xu was hacking and stealing crucial COVID-19 research at the behest of the Chinese government while that same government was simultaneously withholding information about the virus and its origins," said Nicholas Ganjei in the press release. The operation also exploited vulnerabilities in Microsoft Exchange Server, a key Microsoft product for email communications, which were pivotal in a campaign known publicly as "HAFNIUM."

Xu now faces charges including wire fraud and conspiracy to damage protected computers, with a potential sentence of up to 20 years for some charges. For the aggravated identity theft charge, he could receive an additional two years, to be served consecutively. Anyone with information on Zhang's whereabouts is urged to contact the FBI at 1-800-CALL-FBI (1-800-225-5324). The case against Xu is being prosecuted by SDTX Assistant U.S. Attorneys S. Mark McIntyre and John Marck, along with Deputy Chief Matthew Anzaldi of the National Security Division's National Security Cyber Section.