Italy extradites alleged Chinese state hacker to US
A Chinese national accused of being a member of a state-backed hacking group has been extradited to the U.S. from Milan, his lawyer confirmed on Monday.
Xu Zewei was arrested in July 2025 by Italian authorities after he was accused by the U.S. of involvement with a Chinese hacking group allegedly responsible for breaking into systems at a Texas university to steal COVID-19 vaccine information.
Xu’s lawyer, Simona Candido, told Recorded Future News that he was extradited on Saturday and is currently being held at the Houston Federal Detention Center.
Chinese Foreign Ministry spokesman Lin Jian criticized the Italian government’s decision during a press conference on Monday.
Xu has repeatedly denied any involvement in Chinese government hacking operations, claiming his arrest was a case of mistaken identity. He was in Milan with his wife on vacation when he was arrested.
U.S. officials issued an arrest warrant for him last year on charges of wire fraud, aggravated identity theft and unauthorized access to protected computers.
In a nine-count indictment unveiled last year, the Justice Department accused him and co-defendant Zhang Yu of being involved in “computer intrusions between February 2020 and June 2021, including the indiscriminate HAFNIUM computer intrusion campaign that compromised thousands of computers worldwide, including in the United States.”
Later in 2021, Xu and others were heavily involved in the attacks on Microsoft Exchange Servers, generally referred to as the Hafnium attacks.
Prosecutors said Xu was ordered to conduct the hacks at the behest of the Ministry of State Security (MSS) and Shanghai State Security Bureau (SSSB) intelligence services.
Court documents said Xu and other hackers targeted U.S. universities, immunologists and virologists conducting research into COVID-19 vaccines, treatment and testing. They allegedly reported back to supervising officers at the SSSB — including one instance where Xu confirmed that he “had compromised the network of a research university located in the Southern District of Texas.”
According to the documents, Xu was heavily involved in cyberattacks conducted by Hafnium, which is also known as Silk Typhoon. The group has spent years targeting U.S. government agencies and other large organizations.
The Justice Department initially filed a warrant for his arrest in the Southern District of Texas in November 2023.
“Through HAFNIUM, the CCP targeted over 60,000 U.S. entities, successfully victimizing more than 12,700 in order to steal sensitive information,” Brett Leatherman, assistant director of the FBI’s cyber division, said last year.
Xu is facing 77 years in prison if convicted on all of the charges. His alleged co-conspirator Zhang Yu is still at large.
Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.



