The FBI announced the arrest of Xu Zewei on Tuesday, a prolific Chinese state-sponsored contract hacker accused of computer intrusions between February 2020 and June 2021.
Xu, who claims this is a case of mistaken identity, was arrested in Milan, Italy, on July 3 at the U.S.’s request.
U.S. authorities allege that he was part of a team of hackers who in 2020 hacked and otherwise targeted U.S.-based universities, immunologist, and virologists conducting research into COVID‑19 vaccines, treatment, and testing. The U.S. Justice Department says a research university located in the Southern District of Texas was also targeted.
"He told the judge that he had no reason to do what he is accused of and suggested that someone may have hacked into and used his account," his lawyer Enrico Giarda told reporters at the end of the hearing, which was held behind closed doors. [...]
The charges listed on the arrest warrant are wire fraud and aggravated identity theft, conspiracy to commit wire fraud and unauthorized access to protected computers. (Reuters)
The DOJ statement, citing court documents, explains Xu was directed to conduct the hacking from China's Ministry of State Security's (MSS) Shangai State Security Bureau.
Xu and his co-defendant, PRC national Zhang Yu (张宇), 44, are charged in a nine-count indictment, unsealed today in the Southern District of Texas, for their involvement in computer intrusions between February 2020 and June 2021, including the indiscriminate HAFNIUM computer intrusion campaign that compromised thousands of computers worldwide, including in the United States. Xu was arrested in Milan, Italy, and will face extradition proceedings. [...]
The MSS and SSSB are PRC intelligence services responsible for PRC’s domestic counterintelligence, non-military foreign intelligence, and aspects of the PRC’s political and domestic security. When conducting the computer intrusions, Xu worked for a company named Shanghai Powerock Network Co. Ltd. (Powerock). Powerock was one of many “enabling” companies in the PRC that conducted hacking for the PRC government. (DOJ)
“The indictment alleges that Xu was hacking and stealing crucial COVID-19 research at the behest of the Chinese government while that same government was simultaneously withholding information about the virus and its origins,” said Nicholas Ganjei, U.S. Attorney for the Southern District of Texas. “The Southern District of Texas has been waiting years to bring Xu to justice and that day is nearly at hand. As this case shows, even if it takes years, we will track hackers down and make them answer for their crimes. The United States does not forget.”
FBI Director Kash Patel called the arrest "huge."
Huge… manhunting the CCP https://t.co/gEzok2RCnj
— FBI Director Kash Patel (@FBIDirectorKash) July 11, 2025
Join the conversation as a VIP Member