A man accused in a global hacking campaign tied to COVID-19 research has been extradited to Houston and now faces federal charges.
HOUSTON — A man accused of carrying out a wide-ranging cyber espionage campaign tied to China’s intelligence services has been extradited to Houston and is now facing federal charges. Prosecutors with the U.S. Attorney’s Office say the case involves the theft of sensitive COVID-19 research and a global hacking operation that targeted thousands of systems.
The suspect, Xu Zewei, 34, appeared in federal court in Houston after being extradited to the United States this weekend. Investigators say the alleged hacking activity took place between February 2020 and June 2021 and targeted organizations in the U.S. and around the world. Authorities say thousands of computers were compromised, including systems tied to U.S. universities and other institutions. Xu is charged alongside Zhang Yu, 44, who remains at large.
According to court documents, Xu allegedly worked under the direction of China’s Ministry of State Security and its Shanghai State Security Bureau. Investigators say he was part of a broader network of contractors used by the Chinese government to carry out hacking operations targeting universities, researchers, and other organizations.
Prosecutors allege that in early 2020, Xu and others targeted U.S.-based universities and scientists conducting COVID-19 research. Court records say he accessed email accounts belonging to virologists and immunologists and reported the results back to Chinese intelligence officials.
Later, beginning in late 2020, investigators say Xu helped exploit vulnerabilities in Microsoft Exchange Server systems. The effort was part of a broader intrusion campaign known as “HAFNIUM,” which compromised thousands of computers worldwide. Authorities say the group installed web shells on infected systems, allowing continued remote access and data theft.
Among the victims were U.S. universities, including at least one in the Southern District of Texas, as well as a law firm with offices in Washington, D.C. Investigators say the hackers searched stolen data for information related to U.S. policymakers and government agencies.
Federal officials say the case underscores efforts to pursue cybercriminals beyond U.S. borders. “The United States is committed to pursuing hackers who steal information from U.S. businesses and universities and threaten our cybersecurity,” Assistant Attorney General John Eisenberg said. Authorities also credited Italian law enforcement for helping locate and extradite Xu from Milan.
Xu faces a nine-count indictment that includes charges of wire fraud, computer intrusion, and identity theft. If convicted, he could face decades in prison. Authorities say the investigation remains ongoing, and Xu’s alleged co-conspirator is still at large.
