
Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks

The Hacker News · Archived Apr 29, 2026



By Ravie Lakshmanan · Apr 28, 2026 · Cyber Espionage / Vulnerability

A Chinese national accused of being a member of the Silk Typhoon hacking group has been extradited to the U.S. from Italy.

Xu Zewei, 34, was arrested in July 2025 by Italian authorities for his alleged links to the Chinese state-sponsored threat group and for orchestrating cyber attacks against American organizations and government agencies between February 2020 and June 2021, including breaking into systems at a Texas university to steal COVID-19 vaccine research. He was charged in a nine-count indictment with wire fraud, conspiracy to cause damage to and obtain information by unauthorized access to protected computers, and aggravated identity theft.

Xu, along with co-defendant and fellow Chinese national Zhang Yu, is said to have carried out the attacks under directions issued by the Ministry of State Security's (MSS) Shanghai State Security Bureau (SSSB). Some of these attacks, part of the activity Microsoft tracked at the time as Hafnium (the group it now tracks as Silk Typhoon), weaponized what were then zero-day vulnerabilities in Microsoft Exchange Server to breach targets and deploy web shells for remote access and control.

Xu worked for a company named Shanghai Powerock Network Co. Ltd. when the attacks were carried out, per the indictment. The U.S. Department of Justice (DoJ) said Powerock was one of many "enabling" companies in China that conducted hacking operations for the government.

"In early 2020, Xu and his co-conspirators hacked and otherwise targeted U.S.-based universities, immunologists, and virologists conducting research into COVID‑19 vaccines, treatment, and testing," the DoJ added. "The charges further allege that beginning in late 2020, Xu and his co-conspirators exploited certain vulnerabilities in Microsoft Exchange Server, a widely-used Microsoft product for sending, receiving, and storing email messages."
However, the defendant has repeatedly denied any involvement in Chinese government hacking operations, claiming his arrest was a case of mistaken identity. He was in Milan with his wife on vacation when he was apprehended. Speaking to TechCrunch, Xu's lawyer said Xu pleaded not guilty to all charges during a court hearing on Monday. Zhang Yu remains at large.