The U.S. Justice Department has confirmed the arrest of Chinese national Xu Zewei, accused of hacking and stealing COVID-19 research from U.S. universities and carrying out mass hacks of Microsoft Exchange servers. Xu was arrested in Italy at the request of U.S. prosecutors.
Xu and another Chinese national, Zhang Yu, who remains at large, are accused in a nine-charge indictment of "hacking and stealing crucial COVID-19 research" from U.S. universities during February 2020. The DOJ said Xu worked for a company called Shanghai Powerock Network, which conducted hacking operations for the Chinese government.
The alleged hackers are also accused of the mass hacks of Microsoft Exchange servers beginning in March 2021. The hackers, publicly referred to as a group called Hafnium, broke into more than 60,000 self-hosted Exchange servers run by mostly small businesses across the United States, allowing the theft of private company mailboxes and address books.
Hafnium has since launched a new hacking campaign, dubbed Silk Typhoon, which researchers say is known for hacking into big companies and government agencies.
The indictment alleges that Xu was hacking and stealing crucial COVID-19 research at the behest of the Chinese government while that same government was simultaneously withholding information about the virus and its origins [1]. Xu was arrested in Milan, Italy, and will face extradition proceedings.
Xu is charged with conspiracy to commit wire fraud and two counts of wire fraud, which carry a maximum penalty of 20 years in prison for each count; conspiracy to cause damage to and obtain information by unauthorized access to protected computers, to commit wire fraud, and to commit identity theft, which carries a maximum penalty of five years in prison; two counts of obtaining information by unauthorized access to protected computers, which carry a maximum penalty of five years in prison; two counts of intentional damage to a protected computer, which carry a maximum penalty of 10 years in prison; and aggravated identity theft, which carries a maximum penalty of two years in prison [1].
The FBI’s Houston Field Office is investigating the case. The Justice Department’s Office of International Affairs provided valuable assistance in securing the defendant’s arrest. Assistant U.S. Attorneys Mark McIntyre and John Marck for the Southern District of Texas and Deputy Chief Matthew Anzaldi of the National Security Division’s National Security Cyber Section are prosecuting the case. The Justice Department’s Office of International Affairs is handling the extradition [1].
An indictment is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law [1].
References:
[1] https://www.justice.gov/opa/pr/justice-department-announces-arrest-prolific-chinese-state-sponsored-contract-hacker