Chinese National Extradited to the U.S. for Cyber Attacks Linked to Silk Typhoon Group
A 34-year-old Chinese citizen, Xu Zewei, has been extradited from Italy to the United States, facing charges related to his alleged involvement with the Silk Typhoon hacking group. The extradition, a significant move in international cybersecurity enforcement, follows Xu’s arrest in July 2025 by Italian authorities. He is accused of orchestrating cyber attacks targeting American institutions and agencies from February 2020 to June 2021, one notably involving the breach of systems at a Texas university to access sensitive COVID-19 vaccine data.
Xu’s indictment includes nine counts of wire fraud, conspiracy to inflict damage upon and unlawfully obtain information from protected systems, and aggravated identity theft. These accusations align Xu with a broader pattern of state-sponsored cyber activities attributed to the Chinese government, specifically the Ministry of State Security’s Shanghai State Security Bureau. Xu, alongside co-defendant Zhang Yu, allegedly executed these attacks using tactics directed by the MSS, which have included exploiting vulnerabilities in the widely used Microsoft Exchange Server, an operation categorized by Microsoft as part of a larger threat activity group known as Hafnium.
The U.S. Department of Justice has described Xu’s employer, Shanghai Powerock Network Co. Ltd., as one of several “enabling” companies involved in such government-sponsored hacking initiatives. Under the indictment, Xu and his collaborators are said to have targeted U.S. universities, immunologists, and virologists engaged in critical COVID-19 research, substantiating claims of a deliberate effort to undermine American public health initiatives.
As outlined in the indictment, the attack techniques used may have involved initial access via phishing or exploitation of software vulnerabilities, both of which correspond to techniques catalogued in the MITRE ATT&CK framework. In this case, Xu’s team is alleged to have exploited flaws in Microsoft Exchange Server to establish persistence and carry out further operations. This approach not only underscores the sophistication of the attack but also highlights the ongoing difficulty of securing sensitive information against evolving cyber threats.
Despite the charges, Xu has maintained his innocence, asserting through legal representation that he is not connected to any Chinese government hacking operations. His arrest occurred while vacationing in Milan with his spouse, and he has pleaded not guilty during court proceedings in the U.S. Zhang Yu, his co-defendant, remains at large, complicating the ongoing investigation.
This case serves as a stark reminder of the escalating threat landscape involving state-sponsored cyber actors, particularly as the global focus remains on critical infrastructure and health security amid ongoing challenges posed by the pandemic. Business owners and cybersecurity professionals are advised to remain vigilant and implement comprehensive security measures to mitigate the risks posed by such advanced persistent threats. As the situation unfolds, further developments will likely continue to shape the discourse around international cybersecurity cooperation and enforcement.
In conclusion, the extradition and pending trial of Xu Zewei spotlight the complexities of global cyber governance and the need for robust defensive strategies against the multifaceted approaches used by adversaries. For organizations, understanding the tactics identified by frameworks like MITRE ATT&CK is crucial to fortifying defenses and preparing for possible intrusions, underscoring the importance of a proactive and informed cybersecurity posture in this evolving threat environment.