Chinese Hacker Xu Zewei Arrested for Ties to Silk Typhoon Group and U.S. Cyber Attacks

A Chinese national named Xu Zewei has been arrested in Milan, Italy, for his alleged involvement in a state-sponsored hacking group known as Silk Typhoon. He is accused of carrying out cyber attacks against American organizations and government agencies.

Xu, who is 33 years old, has been charged with nine counts of wire fraud, conspiracy to cause damage to protected computers, and aggravated identity theft. The arrest details were first reported by Italian media.

Between February 2020 and June 2021, Xu is said to have participated in U.S. computer intrusions, including a mass attack, known as Hafnium, that used zero-day flaws in Microsoft Exchange Server.

The suspect is also alleged to have engaged in China’s espionage efforts during the COVID-19 pandemic, attempting to access vaccine research at U.S. universities.

Xu and his co-defendant, Zhang Yu, are believed to have carried out the attacks under the direction of the Ministry of State Security’s Shanghai State Security Bureau.

Silk Typhoon, also known as UNC5221, is notorious for exploiting zero-day vulnerabilities and compromising technology firms in supply chain attacks. The group targeted over 60,000 U.S. entities, successfully breaching more than 12,700 through the Hafnium campaign.

Xu worked for Shanghai Powerock Network Co. Ltd. during the attacks, indicating China’s use of contractors and private firms for state-sponsored espionage.

Xu has opposed the extradition request, claiming mistaken identity and stating that his mobile phone was stolen in 2020.

Despite the arrest, cybersecurity experts believe that Chinese government-sponsored cyber espionage operations will continue, with talented hackers potentially reconsidering their involvement.

Leaked documents related to VenusTech and Salt Typhoon shed light on China’s state-sanctioned data collection and cybercriminal activities in Western digital crime spaces.
