US Charges Chinese Man Accused of Hacking Into Universities to Steal COVID-19 Research

Udumbara Udumbara
Jul 10, 2025 - 10:10 Updated: Jul 10, 2025 - 09:56
0
US Charges Chinese Man Accused of Hacking Into Universities to Steal COVID-19 Research
.
The Department of Justice (DOJ) announced charges on July 8 against a Chinese national taken into custody in Italy at the behest of Washington, and accused him of hacking into several U.S. universities to steal COVID-19 research at the direction of China’s main intelligence agency.
Xu Zewei, 33, was arrested in Milan, Italy, on July 3 by Italian law enforcement officials and FBI agents as he departed a plane from China. Xu and another Chinese national, Zhang Yu, 44, who remains at large, are charged in a nine-count indictment unsealed in the Southern District of Texas on Tuesday for their alleged involvement in computer intrusions between February 2020 and June 2021.

According to the indictment, Xu was a general manager at a Chinese company called Shanghai Powerock Network, which allegedly conducted hacking operations at the direction of the Shanghai State Security Bureau (SSSB) under China’s Ministry of State Security (MSS).

The DOJ said that Xu’s case exemplifies the Chinese regime’s use of a vast network of private companies and contractors in China to carry out hacking and information theft in a manner that concealed Beijing’s involvement.

“The indictment alleges that Xu was hacking and stealing crucial COVID-19 research at the behest of the Chinese government while that same government was simultaneously withholding information about the virus and its origins,” Nicholas Ganjei, U.S. attorney for the Southern District of Texas, said in a statement.

“The Southern District of Texas has been waiting years to bring Xu to justice and that day is nearly at hand. As this case shows, even if it takes years, we will track hackers down and make them answer for their crimes. The United States does not forget.”

The CIA, FBI, and Energy Department have determined that the COVID-19 pandemic likely originated from a laboratory in China, an assessment that Beijing has dismissed. Chinese authorities initially downplayed the severity of the outbreak for several weeks before it escalated into a pandemic.
The FBI’s Houston Field Office, which is investigating the case, said that Xu is allegedly “one of the first hackers linked to Chinese intelligence services to be captured by the FBI,” according to a post on social media platform X on July 8.
“Our investigation revealed that the PRC government will stop at nothing to steal from America. They have no shame in their actions, and no respect for international laws,” the Houston Field Office added in a separate X post. “Their only regret is that their criminal conduct is now unmasked and laid bare for the world to see.”

Hacking

Xu and his coconspirators are accused of hacking the networks of several U.S.-based universities, as well as the email accounts of immunologists and virologists conducting research into COVID-19 vaccines, treatment, and testing.

Prosecutors did not name the universities. According to the indictment, two universities are based in the Southern District of Texas, identified only as “UNIVERSITY 1” and “UNIVERSITY 3,” and the third, identified only as “UNIVERSITY 2,” is located in North Carolina. An unnamed law firm, with offices in the United States and elsewhere, was also targeted.

Xu allegedly compromised the network of “UNIVERSITY 1” on Feb. 19, 2020, according to prosecutors. Three days later, an SSSB officer directed Xu to target and access certain email accounts belonging to the university’s virologists and immunologists. According to the indictment, Xu informed the officer that he had “acquired the contents of the mailboxes” days later.

Xu and Zhang are also accused of being part of a China-sponsored hacking group called Hafnium, which garnered global attention in 2021 after Microsoft identified the group for exploiting the vulnerabilities in its Exchange Server email program.
“Through HAFNIUM, the CCP targeted over 60,000 U.S. entities, successfully victimizing more than 12,700 in order to steal sensitive information,” Brett Leatherman, assistant director of the FBI’s cyber division, said in a statement.

Xu and his coconspirators began exploiting the Exchange Server vulnerabilities in late 2020, prosecutors said. According to the indictment, Xu confirmed to Zhang that he had compromised the computer network of “UNIVERSITY 3” on Jan. 30, 2021, after the coconspirators breached the school’s computers running the Exchange Server and installed web shells on them to enable remote administration.

Using similar techniques associated with the Exchange Server, Xu and his coconspirators gained access to the law firm’s computer and used keywords such as “HongKong” and “MSS” to look for information regarding specific U.S. policymakers and government agencies.

The charges Xu faces include wire fraud, aggravated identity theft, and conspiracy to cause damage to and obtain information by unauthorized access to protected computers. He faces up to 20 years in prison for the wire fraud charges alone.

On Tuesday, Xu’s lawyer said that his client is a victim of mistaken identity, given that his surname is common in China, and his cellphone had been stolen since 2020.

Xu appeared before an appeals court in Milan and opposed extradition to the United States.

Reuters contributed to this report.
.
Read More