The suspect in the Silk Typhoon hacking case has been extradited to the United States to face charges

A man suspected of working as a hacker for China’s State Security Ministry has been extradited to the USA from Italy, and will face – if convicted – the prospect of decades in prison.

Xu Zewei, 34, arrived in Houston, Texas over the weekend after Italian authorities approved his extradition to the United States. In federal court on Monday, he pleaded not guilty, and is currently being held at the Federal Detention Center in Houston.

Xu, who has always denied the charges and insists that Italian police arrested the wrong man, was arrested in July 2025 while on holiday in Milan with his wife.

According to the indictment, Xu and his colleagues spent the first months of 2020 trying to steal coronavirus research from American universities, immunologists and virologists.

While the world’s scientists raced to understand COVID-19, the alleged hackers were quietly trying to steal their work on vaccines, treatments and testing. One of the institutions reportedly targeted was the University of Texas.

The US Department of Justice says Xu was acting on instructions from officials at the Shanghai State Security Bureau, an arm of China’s State Security Ministry. At the time, Xu was employed by the Shanghai Powerock Network, a Chinese company that prosecutors say was there to steal on Beijing’s behalf.

Xu is accused of being part of Hafnium – a Chinese government-backed hacking group that Microsoft dubbed Silk Typhoon.

This hacker group has been blamed for a zero-day attack on Microsoft Exchange Server that began in early 2021. Using an array of previously unknown vulnerabilities, attackers compromised as many Internet-facing Exchange servers as they could, giving themselves long-term access.

According to the FBI, Hafnium targeted more than 60,000 organizations in the United States and succeeded in more than 12,700 of them. The organizations affected by the spate of attacks ranged from defense contractors and law firms to infectious disease researchers.

Predictably, China has denied any involvement. China’s Foreign Ministry has opposed Xu’s extradition to the United States, saying charges are being fabricated against Chinese citizens.

If convicted of all charges — which include fraud, conspiracy to damage secure computers, and aggravated data theft — Xu could spend decades in prison.

What makes this case unusual is that many of the government-sponsored criminals prosecuted by the US Department of Justice have never seen the inside of an American courtroom. This is because the alleged perpetrators of these incidents live in countries that have no intention of surrendering their citizens to the American legal system.

But every so often, the suspect makes the mistake of going on vacation somewhere with an extradition treaty with the United States.

For organizations caught up in the early 2021 Exchange Server attacks, this week’s news may bring a small sense of reassurance.

For the rest of us, it’s a useful reminder that the people behind these massive, headline-grabbing campaigns are not flawless ghosts. They have names, employers, and – occasionally – travel plans.

And sometimes, those plans don’t turn out the way they expected.