
Chinese National Arrested for COVID Research Theft & Hacking | US Government

July 8, 2025

Alleged Chinese Hacker Xu Zewei Arrested for Cyberattacks

The U.S. Department of Justice has announced the apprehension of Xu Zewei, a Chinese citizen. He is suspected of being a highly active contract hacker engaged in cyber operations on behalf of the Chinese government.

Xu’s arrest occurred in Italy, following a request from U.S. federal prosecutors. He now faces legal proceedings in the United States.

COVID-19 Research Targeted

Alongside another individual, Zhang Yu – who is currently wanted – Xu is facing a nine-count indictment. The charges relate to the alleged theft of sensitive COVID-19 research data.

This alleged activity took place during February 2020, with U.S. universities being the primary targets of the hacking efforts.

According to the DOJ, Xu was employed by Shanghai Powerock Network. This company is believed to have been conducting hacking operations directly for the benefit of the Chinese government.

Microsoft Exchange Server Breaches

The indictment also accuses Xu and Zhang Yu of orchestrating widespread intrusions into Microsoft Exchange servers.

These attacks began in March 2021 and impacted over 60,000 servers. The majority of these compromised servers were operated by small businesses throughout the United States.

The hacking group responsible, known as Hafnium, gained access to confidential company email accounts and contact lists.

Evolution of the Threat: Silk Typhoon

The Hafnium group has evolved its tactics and initiated a new hacking campaign. This campaign, designated Silk Typhoon, is currently active.

Security researchers have identified Silk Typhoon as focusing on infiltrating large corporations and governmental organizations. This indicates a continued and escalating threat from this actor.
