The U.S. Department of Justice has officially confirmed the arrest of Xu Zewei, a Chinese national identified as a prolific contract hacker linked to state-sponsored cyber operations. Italian authorities apprehended Xu following an urgent request from U.S. federal prosecutors.
The Indictment: From COVID Research to Global Espionage
Xu and his associate, Zhang Yu—who remains a fugitive—are facing a nine-charge indictment. Prosecutors allege that the duo orchestrated a sophisticated campaign in February 2020 to infiltrate U.S. universities and pilfer critical COVID-19 research.
According to the DOJ statement, Xu operated under the banner of Shanghai Powerock Network, a firm reportedly acting as a front for Chinese government-backed hacking initiatives.
Mass Exploitation of Microsoft Exchange Servers
Beyond the theft of medical research, the hackers are implicated in the widespread compromise of Microsoft Exchange servers that began in March 2021. Operating under the moniker “Hafnium,” the group exploited vulnerabilities to breach over 60,000 self-hosted servers across the United States.
These attacks primarily targeted small businesses, granting the perpetrators unauthorized access to sensitive company mailboxes and internal address books. The scale of the intrusion triggered significant security alerts across the American private sector.
Evolving Threats: The Rise of Silk Typhoon
The threat actor identified as Hafnium has continued to evolve its tactics. Intelligence researchers have linked the group to a subsequent, aggressive campaign known as “Silk Typhoon.” This later phase of the group's operations has shifted its focus toward major corporations and government agencies, signaling a persistent and escalating cyber threat to national security and commercial infrastructure.
