Italy has extradited a Chinese national accused of hacking U.S. universities, hospitals, and COVID-19 researchers to Texas, where prosecutors say he operated as a contract hacker under direction from the Chinese Communist Party. U.S. authorities credit Italian police for the arrest and say the suspect faces a multi-count indictment tied to the HAFNIUM campaign and other intrusions that hit thousands of systems between 2020 and 2021. The case highlights tensions over state-sponsored cyber operations and the need for firm responses when foreign intelligence services target American research and institutions. This article lays out what officials allege, what was revealed in official posts, and how both sides are reacting.
Law enforcement officials identified the suspect as Xu Zewei and say he was part of a wide-ranging campaign of cyber intrusions. Authorities point to activity that targeted U.S.-based universities and research labs during the peak of the pandemic, alleging a direct link to PRC intelligence officials. The Justice Department and FBI framed the case as part of a larger, state-directed effort to steal intellectual property and sensitive research. That charge turns a typical criminal case into a matter of national security, according to federal prosecutors.
The FBI’s Cyber Division posted an announcement on social media underscoring the scale of the alleged operation and the international cooperation involved. That post emphasized the perceived role of China’s Ministry of State Security and cited cooperation from Italian law enforcement in securing the extradition. U.S. officials say this arrest demonstrates what can happen when allies coordinate to disrupt state-backed cyber campaigns. It also sends a message that contract hackers who work for foreign intelligence services will be pursued beyond borders.
Public filings and the indictment detail alleged intrusions that stretch from February 2020 through June 2021, spanning thousands of compromised systems worldwide. Prosecutors say some of those intrusions are part of the HAFNIUM campaign, which previously drew attention for its focus on private sector and academic targets. Other intrusions reportedly aimed at COVID-19 research highlight the stakes when scientific and medical data are targeted during a global health emergency. If proven, the charges could result in lengthy prison sentences and significant disruption to the accused’s network of operatives.
🚨 Today the @FBI and @TheJusticeDept announced the extradition of Xu Zewei, a prolific contract hacker alleged to have worked on behalf of the Chinese Communist Party. Xu is accused of participating in the HAFNIUM #cyber espionage group, which conducted a vast campaign directed by China’s Ministry of State Security that compromised thousands of U.S. organizations.
In a separate campaign, Xu and his co-conspirators are also alleged to have targeted U.S.-based universities, immunologists, and virologists—once again under the supervision and direction of CCP intelligence officers.
The #FBI is grateful to Italian law enforcement, especially the Polizia Postale, whose partnership was critical to securing Xu’s arrest and extradition. 🔗 https://justice.gov/opa/pr/prolific-chinese-state-sponsored-contract-hacker-extradited-italy
Official documents describe Xu as a 34-year-old PRC national accused in a nine-count indictment related to computer intrusions. The complaint names co-conspirators and alleges a pattern of conduct consistent with state-directed cyber espionage. Prosecutors say the accused operated under supervision and direction from intelligence officers in Shanghai, turning technical skills into a tool for foreign state objectives. That alleged relationship between hacker and state is what elevates the case from common cybercrime to an act that implicates foreign policy and national security.
There was an earlier arrest in Milan in July 2025 tied to identity theft, wire fraud, and cyber-espionage allegations, which ultimately led to the extradition request. Italian authorities acted on that arrest and coordinated with U.S. prosecutors to transfer custody for prosecution in Texas. The cooperation drew public thanks from U.S. officials, who framed the extradition as a win for allied law enforcement against state-directed cyber threats. For Washington, the case is a reminder that international partnerships are essential to holding foreign adversaries accountable.
Xu Zewei (徐泽伟), 34, of the People’s Republic of China was extradited to the United States this weekend and appeared today in U.S. District Court in Houston on a nine-count indictment related to his involvement in computer intrusions between February 2020 and June 2021. Certain of those computer intrusions allegedly are part of the HAFNIUM computer intrusion campaign that compromised thousands of computers worldwide, including in the United States. Other intrusions targeted U.S. COVID-19 research during the height of the pandemic. Xu is charged along with Zhang Yu (张宇), 44, who is also a PRC national.
Beijing pushed back publicly, calling the charges politically motivated and urging Italy to revisit its decision, according to statements reported in the wake of the extradition. The Chinese Foreign Ministry’s spokesperson framed the situation as a diplomatic dispute and denounced what they called fabrication and political manipulation. That response was swift, reflecting the sensitive nature of allegations that link cyber operators to state intelligence. From the U.S. side, officials made clear that evidence and allied cooperation drove the extradition request.
For now, the suspect is in U.S. custody and faces a federal court process that could take months or years to resolve. Prosecutors will need to present evidence tying the alleged intrusions to specific harms and to the defendants named in the indictment. The case will test the capacity of the U.S. legal system to prosecute alleged state-backed cyber actors and the willingness of allies to assist. If convictions follow, the outcome could shape how Washington deters and responds to future operations by hostile intelligence services.
Add comment