Prolific Chinese hacker arrested for stealing COVID-19 data during pandemic
Xu Zewei and fellow Chinese national Zhang Yu are charged with nine counts related to computer intrusions carried out between February 2020 and June 2021. Xu was arrested in Milan, Italy, and is awaiting extradition proceedings.

The Department of Justice reported that Xu Zewei, 33, a citizen of the People's Republic of China, was arrested on July 3 in Italy at the request of the United States.
Xu Zewei and his co-defendant, 44-year-old Chinese national Zhang Yu, face nine charges related to computer intrusions carried out between February 2020 and June 2021. Their alleged activities include involvement in the widespread HAFNIUM intrusion campaign, which compromised thousands of computers globally, including many in the United States.
Authorities reported that Xu was arrested in Milan, Italy, and is now awaiting extradition proceedings. Court documents reveal that officials from the Shanghai State Security Bureau (SSSB), part of China’s Ministry of State Security (MSS), directed Xu to carry out the cyberattacks.
The Department of Justice stated that in February 2020, as the world faced the onset of the pandemic, Xu Zewei and other hackers—acting on behalf of the Chinese Communist Party (CCP)—targeted U.S. universities to steal COVID-19 research.
"China’s Ministry of State Security Directed the Theft of COVID-19 Research and the Exploitation of Microsoft Exchange Server Vulnerabilities, Known Publicly as the Indiscriminate ‘HAFNIUM’ Intrusion Campaign," the Justice Department reported.
The campaign
In that regard, the DOJ stated that "Xu worked for a company named Shanghai Powerock Network Co. Ltd. (Powerock). Powerock was one of many ‘enabling’ companies in the PRC that conducted hacking for the PRC government."
Among those affected by Xu's exploitation of Microsoft Exchange Server were a university in the Southern District of Texas and a global law firm with an office in Washington, D.C. After breaching these systems, Xu and his accomplices installed web shells to maintain remote control.