Alleged Chinese State-Sponsored Hacker Extradited to the United States After Italian Arrest

A man suspected of orchestrating cyberattacks on behalf of Beijing has been extradited to the United States, where he now faces serious federal charges. Chinese hacker extradited Xu Zewei, a contractor allegedly working for China’s Ministry of State Security, could spend more than a decade behind bars if convicted. His case underscores the growing tension between Washington and Beijing over state-backed digital espionage.

The Extradition Journey: From Italy to Houston

Xu was taken into custody in Italy last year at the request of U.S. authorities. His Italian attorney, Simona Candido, confirmed to TechCrunch that he was handed over to American officials on Saturday. He now sits in the Federal Detention Center in Houston, Texas, according to the U.S. Bureau of Prisons database.

Following this development, the Justice Department formally announced Xu’s extradition in a press release. His U.S. lawyer, Dan Cogdell, told TechCrunch that Xu pleaded not guilty to all charges during a Monday morning court hearing. Court records show he appeared for his initial federal hearing and was remanded into custody.

Alleged Cyberattacks on Universities and Microsoft Exchange Servers

Prosecutors allege that Xu, along with co-conspirator Zhang Yu, targeted several American universities in early 2020. Their goal? To steal sensitive research related to the COVID-19 pandemic. This was just the beginning. The duo is also accused of hacking thousands of email servers running Microsoft Exchange starting in March 2021, as part of a widespread campaign linked to the Chinese-backed hacking group Hafnium, later dubbed Silk Typhoon.

According to the Justice Department, Xu worked for Shanghai Powerock Network, a company that prosecutors say conducted hacking operations for Beijing. The hackers allegedly reported directly to Chinese state officials in Shanghai. The Hafnium group exploited previously unknown security flaws in Microsoft Exchange servers, targeting American defense contractors, law firms, think tanks, and infectious disease researchers.

Prosecutors claim the group targeted more than 60,000 entities in the U.S. and successfully breached over 12,700 of them. This means that the scale of the operation was vast, affecting critical infrastructure and intellectual property.

China’s Response and Diplomatic Fallout

The Chinese Embassy in Washington, D.C., did not respond to requests for comment. However, the Financial Times reported that the Chinese Foreign Ministry opposed Xu’s extradition, accusing the U.S. government of fabricating cases. This is not the first time Beijing has pushed back against such allegations, often framing them as politically motivated.

For years, the U.S. government has charged suspected Chinese hackers, though many remain at large. In 2022, Yanjun Xu was sentenced to 20 years in prison for hacking crimes, marking what the DOJ called the first case where a Chinese government intelligence officer had been extradited to the United States. This latest extradition signals a continued effort by Washington to hold state-sponsored hackers accountable.

What This Means for Cybersecurity and International Law

This case highlights the challenges of prosecuting cybercriminals who operate across borders. The extradition of a Chinese hacker to the US is a rare but significant step. It demonstrates that international cooperation can still work, even in the murky world of state-sponsored cyberattacks. However, it also raises questions about the effectiveness of such actions in deterring future attacks.

As cyber threats grow more sophisticated, governments must adapt their legal frameworks. The US Justice Department has made it a priority to pursue hackers who target American institutions. Yet, without consistent global cooperation, many perpetrators remain beyond reach.

For more insights on cybersecurity trends, read our analysis on the evolving cyber threat landscape. Additionally, explore how state-sponsored hacking tactics are changing the game for national security.

Conclusion: A Precedent for Future Cases?

Xu Zewei’s extradition marks a milestone in the fight against state-sponsored cybercrime. While he has pleaded not guilty, the evidence against him is substantial. As the trial unfolds, the world will be watching to see whether this sets a precedent for holding Chinese hackers accountable in U.S. courts. For now, the message is clear: the United States is willing to go to great lengths to protect its digital borders.