Milan, Italy (Agencies) July 9, 2025 — In a major international law enforcement operation, Xu Zewei, a 33-year-old Chinese national, was arrested at Milan’s Malpensa Airport on July 3 by Italian authorities acting on a U.S. federal warrant. The arrest, coordinated with the FBI’s Houston Field Office, marks one of the first successful captures of a Chinese state-linked hacker by U.S. authorities.
Xu is accused of orchestrating a large-scale cyber espionage campaign between February 2020 and June 2021, targeting U.S. universities, virologists, and immunologists involved in COVID-19 vaccine research. He allegedly acted under the direction of China’s Ministry of State Security (MSS) and its Shanghai State Security Bureau (SSSB), using his position at Shanghai Powerock Network Co. Ltd., a company contracted to conduct cyber operations for the Chinese government.
According to the unsealed indictment, Xu and his co-conspirator Zhang Yu (still at large) were behind the infamous “HAFNIUM” cyberattack, which exploited vulnerabilities in Microsoft Exchange Server software. The campaign compromised over 60,000 systems globally, including U.S. research institutions and a law firm in Washington, D.C. The hackers reportedly installed web shells to maintain persistent access and searched for terms like “Chinese sources,” “MSS,” and “HongKong”.
The charges against Xu include:
- Wire fraud and conspiracy
- Unauthorized access to protected computers
- Intentional damage to protected systems
- Aggravated identity theft
If convicted, Xu faces decades in prison and fines up to $250,000 per count.
Xu is currently held in precautionary detention in Italy’s Busto Arsizio prison, awaiting extradition proceedings. Italian Judge Veronica Tallarida validated the arrest, citing a high flight risk. His mobile phone has been seized for forensic analysis.
The FBI and U.S. Justice Department have emphasized that this arrest demonstrates their long-term commitment to tracking foreign cyber operatives, regardless of how long it takes. Zhang Yu remains at large, and the FBI has urged the public to report any information on his whereabouts.