Chinese Hacker Arrested In Italy For Stealing US COVID-19 Vaccine Research On Orders From Beijing

In a significant development in global cybercrime enforcement, US authorities have announced the arrest of Xu Zewei, a 33-year-old Chinese national, in Milan, Italy. The arrest, made on July 3 at the request of the US Department of Justice (DOJ), follows a multi-year investigation into cyber intrusions targeting COVID-19 research in the United States. Xu, along with co-defendant Zhang Yu, 44, is accused of acting on behalf of China’s Ministry of State Security (MSS) to steal sensitive research and data during the height of the global pandemic.

Court documents reveal that Xu operated under the Shanghai State Security Bureau (SSSB), a division of China’s MSS, and worked for Shanghai Powerock Network Co. Ltd., a government-linked contractor. He allegedly led a hacking campaign that targeted American universities, virologists, and immunologists working on COVID-19 vaccines, tests, and treatments beginning in early 2020.

Yesterday, in coordination with our international partners, Xu Zewei was arrested Italy.

Xu is accused of hacking U.S. universities and stealing critical COVID-19 research on behalf of the Chinese Communist Party.

The CCP’s relentless attacks on our institutions will not go… pic.twitter.com/UbEg1x2byr

— FBI Director Kash Patel (@FBIDirectorKash) July 9, 2025

Zhang remains at large, and the FBI has urged anyone with information on his whereabouts to contact them.

ALSO READ: 'Put His Hand In My Bra...': Model Accuses Indian-Origin Priest Of Molesting Her Inside Temple In Malaysia

HAFNIUM Campaign: Thousands Of Global Victims

According to the DOJ, Xu and Zhang were central to the HAFNIUM hacking campaign, a cyber-espionage operation publicly attributed to Chinese state actors. The group exploited vulnerabilities in Microsoft Exchange Server software to breach more than 12,700 entities, including US law firms, universities, and government-related institutions. Once inside these systems, the hackers deployed web shells for prolonged access and extracted sensitive communications and policy-related information.

Among the affected organisations was a research university in the Southern District of Texas, where Xu confirmed to Chinese officials that he had successfully accessed researchers’ email accounts.

US Officials Condemn State-Sponsored Theft

US officials expressed strong condemnation of the Chinese government's actions. “This arrest underscores our commitment to holding state-sponsored hackers accountable,” said Assistant Attorney General John A. Eisenberg. US Attorney Nicholas Ganjei added, “The Southern District of Texas has waited years to bring Xu to justice.”

ALSO READ: Canada Plane Crash: Indian Student Pilot Killed When Two Pilots Attempt To Land At Same Time

The arrest marks a critical moment in US efforts to expose and deter foreign cyber espionage. The DOJ’s Office of International Affairs is now coordinating Xu’s extradition to the United States, where he will stand trial. The Justice Department emphasised that the charges are allegations and that Xu remains presumed innocent until proven guilty.