Industry News & Leadership, May 03, 2026

Alleged Silk Typhoon hacker extradited to the United States to face charges

Graham Cluley, archived May 03, 2026

A man accused of working as a hacker for China's Ministry of State Security has been extradited to the USA from Italy, and faces - if found guilty - the prospect of decades behind bars. Read more in my article on the Hot for Security blog.



Graham Cluley, April 29, 2026

A man accused of working as a hacker for China's Ministry of State Security has been extradited to the USA from Italy, and faces - if found guilty - the prospect of decades behind bars.

34-year-old Xu Zewei arrived in Houston, Texas at the weekend after Italian authorities approved his extradition to the United States. At a federal court hearing on Monday, he pleaded not guilty, and is currently being held at the Federal Detention Center in Houston.

Xu, who has consistently denied the charges and insists that Italian police detained the wrong man, was originally arrested in July 2025 while on holiday in Milan with his wife.

According to the indictment, Xu and a co-conspirator spent the early months of 2020 attempting to steal coronavirus research from American universities, immunologists, and virologists. While the world's scientists raced to understand COVID-19, the alleged hackers were quietly trying to siphon off their work on vaccines, treatments, and testing. One of the institutions reportedly targeted was a Texas university.

The US Department of Justice alleges that Xu was following orders from officers at the Shanghai State Security Bureau, an arm of China's Ministry of State Security. At the time, Xu was employed by Shanghai Powerock Network, a Chinese firm that prosecutors described as existing to carry out hacking on Beijing's behalf.

Xu is accused of being part of Hafnium - the Chinese state-backed hacking crew that Microsoft dubbed Silk Typhoon. This hacking group has been blamed for zero-day attacks on Microsoft Exchange Server that began in early 2021. Using a chain of previously unknown vulnerabilities, the attackers compromised as many internet-facing Exchange servers as they could, unlocking long-term access for themselves.

According to the FBI, Hafnium targeted more than 60,000 organisations in the United States and successfully broke into over 12,700 of them. Those organisations impacted by the spate of attacks varied from defence contractors and law firms to think tanks and infectious disease researchers.

Predictably, China has denied any involvement. The Chinese Foreign Ministry opposed Xu's extradition to the United States, and claimed that cases are being fabricated against Chinese citizens.

If convicted on all charges - which include wire fraud, conspiracy to damage protected computers, and aggravated identity theft - Xu could spend decades in prison.

What makes this case unusual is that most state-sponsored hackers indicted by the US Department of Justice never see the inside of an American courtroom. That's because those alleged to have been behind the attacks live in countries with no intention of handing their citizens over to the US legal system. But every so often, a suspect makes the mistake of going on holiday somewhere with an extradition agreement with the United States.

For organisations that were caught up in the original Exchange Server free-for-all of 2021, this week's news might bring a small sense of vindication. For the rest of us, it's a useful reminder that the people behind these enormous, headline-grabbing campaigns are not faceless ghosts. They have names, employers, and - occasionally - travel plans. And just sometimes, those plans don't end the way they expected.

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.