Xu Zewei, 34, a Chinese national alleged to be a member of the Silk Typhoon hacking group, has been extradited to the U.S. from Italy. He was arrested in July 2025 by Italian authorities for his alleged links to the Chinese state‑sponsored threat group and for orchestrating cyber attacks against American organisations and government agencies between February 2020 and June 2021, including breaches at a Texas university to steal COVID‑19 vaccine information.
He faces nine counts of wire fraud and conspiracy to damage or obtain information by unauthorized access to protected computers, as well as aggravated identity theft. Xu, who worked for Shanghai Powerock Network Co. Ltd. at the time of the attacks, is said to have carried out operations under directions issued by the Ministry of State Security's Shanghai State Security Bureau, with some campaigns weaponising zero‑days in Microsoft Exchange Server, activity Microsoft tracked as Hafnium.
The DoJ notes that Powerock was among several “enabling” firms in China that conducted hacking operations for the government, and Zhang Yu remains at large. According to the DoJ, Xu and his co‑conspirators targeted U.S.-based universities, immunologists and virologists researching COVID‑19 vaccines, with offences including exploiting vulnerabilities in Microsoft Exchange Server.