US arrests Silk Typhoon hacker accused of stealing Covid research and mass email hacking

News
By published

Chinese national arrested in Italy over hacking claims

wo human figure including America and China flag are in confrontation on the world background
(Image credit: Shutterstock)
  • 33-year-old man was accused of spying for the Chinese government
  • FBI alleges he is part of the Silk Typhoon hacking collective
  • If convicted, he might be looking at decades in jail

Italian law enforcement has arrested a 33-year-old Chinese national for allegedly spying on the United States.

Landing at Milan’s Malpensa airport on a flight from China, Zewei Xu was apprehended by local police, and according to Italian news agency ANSA, is wanted by the FBI for allegedly participating in cyber-espionage operations for China, targeting data surrounding anti-COVID vaccines that were being produced at the University of Texas back in 2020.

Citing “interior ministry documents”, ANSA said Xu is accused of being part of Hafnium, an infamous state-sponsored threat actor also known as Silk Typhoon. With this group, Xu allegedly “targeted thousands of computers around the world” to get information on “various US government policies.”

Get 55% off Incogni's Data Removal service with code TECHRADAR

Get 55% off Incogni's Data Removal service with code TECHRADAR

Wipe your personal data off the internet with the Incogni data removal service. Stop identity thieves
and protect your privacy from unwanted spam and scam calls.

View Deal

Typhoons against critical infrastructure

There will be a hearing early next week, at Milan’s Court of Appeals, to determine whether or not Xu will be extradited to the United States.

While his family claims he is an IT manager at Shanghai GTA Semi Conductor, where he develops IT systems and network infrastructure, American authorities accuse Xu of wire fraud and aggravated identity theft.

If convicted, Xu is looking at a maximum punishment of 20 years in prison, as well as an additional five years for unauthorized access to protected computers.

Silk Typhoon is one of many “typhoon” groups (Flax Typhoon, Silk Typhoon, and others), all of which are apparently state-sponsored and engaged in various forms of cybercriminal activity.

Critical infrastructure firms, government organizations, telecommunications companies, and similar, are the typhoons’ most common targets.

In mid-April 2025, amid a serious escalation of hostilities between the US and China, senior Chinese officials apparently acknowledged behind closed doors that Beijing was involved in a series of cyberattacks on US critical infrastructure, conducted by Volt Typhoon.

This group was infiltrating US critical infrastructure systems for years, including compromising energy, communications, transportation, and water industries.

Via BleepingComputer

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.