Chinese Hacker Extradited to the US: The Xu Zewei Case

Xu Zewei, an alleged Hafnium member arrested in Milan, was extradited to the US. He is accused of stealing COVID research, and the case sparks a diplomatic crisis.

The 33-year-old Chinese engineer Xu Zewei was formally extradited to the United States on Saturday, April 25, 2026, and is currently held at the Houston Federal Detention Center. The transfer concludes a complex legal case that began with his arrest in Milan on July 3, 2025, and was cleared by the Supreme Court of Cassation's approval in early April 2026. U.S. authorities accuse Xu of being part of the APT group Hafnium (also known as Silk Typhoon), which is linked to the Chinese Ministry of State Security, and of conducting cyber espionage operations against U.S. universities and research institutes during the COVID-19 pandemic.

The context of the arrest and extradition from Italy

Xu Zewei's arrest took place at Malpensa last July, based on an arrest warrant issued by the Southern District of Texas in November 2023. The extradition request from the United States initiated a judicial process that placed Italy at the center of a delicate diplomatic negotiation between Washington and Beijing. After months of proceedings, the Italian Court of Cassation confirmed the extraditability in early April, paving the way for the physical transfer of the Chinese citizen, which occurred in recent days. Although some sources declined to specify the exact time of the transfer, Recorded Future News reported that the extradition was carried out on Saturday, April 25.

Italy's position as a transit country and holder of the pre-trial custody assumed significant geopolitical importance. The decision to hand over Xu to American federal justice was interpreted as an act of alignment with United States national security priorities, during a period of high tension in international relations. The case highlighted once again how cyberspace has become a silent but constant battlefield between major powers, with direct impacts on the judicial systems of allied countries.

Technical charges: Hafnium and the theft of COVID-19 research

According to the U.S. Department of Justice, Xu Zewei allegedly played a key role within HAFNIUM, an advanced persistent threat (APT) group supported by the Chinese MSS. The nine-count indictment includes charges of wire fraud, aggravated identity theft, and unauthorized access to protected computers. The illicit activities allegedly occurred during the crucial period between February 2020 and June 2021, coinciding with the global health emergency.

The most significant element of the accusation concerns the specific target of the operations: Xu allegedly targeted U.S. universities, immunologists, and virologists to steal research on COVID-19 vaccines and treatments. In one specific case confirmed by investigations, the group managed to compromise the network of a research university in the Southern District of Texas. The operational technique reportedly exploited vulnerabilities in internet-exposed systems, allowing unauthorized access and exfiltration of sensitive data, a typical modus operandi of state-sponsored cyber espionage operations.

The scale of the operation attributed to the group is vast. Brett Leatherman, Assistant Director of the FBI's Cyber Division, stated that "Through HAFNIUM, the CCP targeted over 60,000 U.S. entities, successfully victimizing more than 12,700 in order to steal sensitive information." This figure shows that the attack was not limited to individual targets but affected a vast ecosystem of academic entities and institutions, attempting to compromise American national security and intellectual property.

Beijing's diplomatic reaction and the defense

The extradition sparked a sharp diplomatic reaction from China. Foreign Ministry spokesperson Lin Jian commented on the event on April 27, accusing the United States of "fabricating charges through political manipulation." Beijing's official position denies any state involvement in hacking activities, calling the accusations a political construct aimed at damaging China's international image and justifying restrictive measures.

On the other hand, Xu Zewei's legal defense has maintained a line of firm denial. Attorney Simona Candido, who defended the Chinese citizen during the extradition proceedings in Italy, confirmed her client's transfer, reiterating that Xu has always denied any involvement in hacking activities. According to the defense strategy, it is a case of mistaken identity, with the citizen unjustly associated with cyber operations he did not commit. The trial strategy on American soil will now be crucial in determining whether the evidence collected by the FBI, including access logs and digital traces, will stand up in a federal courtroom.

Legal outlook and status of the co-defendant

Xu Zewei now faces a trial that could lead to very heavy penalties. If convicted of all counts, the Chinese citizen faces a cumulative sentence of up to 77 years in prison, a penalty that reflects the severity with which American justice treats cyber espionage offenses, especially when linked to the theft of strategic intellectual property such as medical research. His detention at the Houston Federal Detention Center marks the beginning of a new procedural phase, where the defense will examine the evidence presented by the prosecution.

In parallel with Xu's case, the matter of co-defendant Zhang Yu, who is still at large, remains open. Federal authorities are continuing their search, suggesting that the Hafnium operation was supported by a network of operators rather than a single individual. Zhang Yu's fugitive status suggests that investigations could extend further, with possible new developments related to the APT group's support network. Attention also remains high on the diplomatic front, where Italy will have to manage the consequences of the extradition decision in its bilateral relations with China.

Frequently asked questions

What is the Hafnium group mentioned in the Xu Zewei case?
Hafnium is an advanced persistent threat (APT) group also known as Silk Typhoon. According to U.S. authorities, the group is supported by the Chinese Ministry of State Security (MSS) and specializes in cyber espionage and the theft of sensitive data.

What data did the hacker group steal according to the prosecution?
According to the FBI, the group targeted over 60,000 U.S. entities, successfully victimizing more than 12,700. The main targets included research on COVID-19 vaccines and treatments, as well as immunological and virological data stolen from universities and research centers.

What does Xu Zewei risk after extradition to the USA?
Xu Zewei is charged with nine counts, including wire fraud and aggravated identity theft. If convicted of all charges, he could serve up to 77 years in federal prison.

This article is a summary based exclusively on the sources listed.

Sources