Chinese national indicted in COVID-era hacking scheme extradited to Texas

By Bethany Blankley
The Center Square

A years-long effort has resulted in the extradition of a Chinese national facing multiple espionage charges in Houston.

Chinese national Xu Zewei was extradited to the U.S. from Italy over the weekend and appeared before a federal judge in Houston on Monday.

He faces a nine-count indictment for his role in a People’s Republic of China HAFNIUM computer intrusion campaign targeting U.S. companies, which also compromised thousands of computers worldwide, according to the Office of U.S. Attorney for the Southern District of Texas.

Zewei was taken into custody in Milan, Italy, last July at the request of U.S. authorities, The Center Square reported. He and PRC national Zhang Yu were both indicted in 2023; Yu remains at large.

The two are accused of being involved in a hacking scheme from February 2020 through June 2021 directed by the PRC’s Ministry of State Security (MSS) Shanghai State Security Bureau (SSSB), according to the indictment. The MSS and SSSB are China intelligence services responsible for implementing domestic counterintelligence, non-military foreign intelligence and other operations, investigators found.

The pair in early 2020 targeted U.S.-based universities and leading immunologists and virologists to hack into computer systems and steal research they were conducting on COVID-19 vaccines, treatment and testing, and provide it to SSSB officers, according to the charges. This included hacking emails from virologists and immunologists engaged in COVID-19 research at a university in the Southern District of Texas, the charges allege. Zewei also worked for Shanghai Powerock Network Co. Ltd., “one of many ‘enabling’ companies in the PRC that conducted hacking for the PRC government,” the charges allege.

“It is notable that the Chinese government directed theft of COVID-19 research” beginning in February 2020 after the outbreak of the virus in mainland China “and at a time when PRC officials were withholding information about the virus and its origin,” former U.S. Attorney Nicholas Ganjei said last year when the indictments were unsealed. “The hacking of these American universities is not just a violation of intellectual property rights, it’s an attack on American scientific innovation. The hacking of a U.S. law firm is not just about computer crime. It’s about an attack on the American system of justice, which depends on the legal ability of clients to seek and obtain frank and confidential advice from their local counsel.”

Acting U.S. Attorney John Marck said Zewei is finally answering “for crimes that struck at the heart of American science and security — allegedly stealing COVID-19 research from our universities when the world needed it most.”

The FBI Cyber Division said the HAFNIUM campaign compromised more than 12,700 U.S. organizations. The two indicted were a few of many contractors the PRC used “to obscure its hand in cyber operations,” it said.

The hacking scheme involved exploiting vulnerabilities in a Microsoft Exchange Server, which is used to send, receive and store emails. In March 2021, Microsoft confirmed its exchange had been targeted by PRC-sponsored hackers; in July 2021, U.S. and foreign governments said the PRC MSS orchestrated HAFNIUM.

Zewei was charged on multiple counts of wire fraud, identity theft, obtaining information by unauthorized access to protected computers, among other charges. If convicted, he faces decades in prison.

Anyone with information about Yu’s whereabouts is asked to contact the FBI by calling 1-800-CALL-FBI (1-800-225-5324).

An ongoing investigation is being conducted by the FBI’s Houston Field Office.