A Chinese national accused of belonging to the Silk Typhoon state-sponsored threat group was extradited from Italy to the US over the weekend, according to the Department of Justice. Xu Zewei, 34, was arrested in July 2025 after being charged in the US for participating in multiple cyberattacks mounted by Silk Typhoon (also known as Hafnium and Murky Panda), including attacks against US universities.
The DOJ says Xu conducted cyberattacks on behalf of China’s Ministry of State Security and Shanghai State Security Bureau, working for Shanghai Powerock Network. Between early 2020 and early 2021, Xu and his co-conspirators targeted US universities, immunologists and virologists, reporting successful compromises to SSSB officers, and they later exfiltrated information from targeted inboxes after hacking a Texas university.
They allegedly exploited Microsoft Exchange Server zero‑day vulnerabilities in a broad campaign that affected thousands of systems worldwide, with FBI action in April 2021 to clean web shells from hundreds of US systems. Xu appeared in a Houston District Court this week and faces nine counts of wire fraud, computer hacking, information theft, identity theft and damaging protected computers, with another Chinese national, Zhang Yu, remaining at large.