July 8: Chinese national Xu Zewei (徐泽伟) was arrested in Milan, Italy, on July 3 at the request of the US. Xu and co-defendant Chinese national Zhang Yu (张宇) are charged for their involvement in computer intrusions between Feb 2020 and June 2021, including the indiscriminate HAFNIUM computer intrusion campaign that compromised thousands of computers in the US and worldwide. Xu will face extradition proceedings. Zhang remains at large.
Officers of China's Ministry of State Security's Shanghai State Security Bureau (SSSB) directed Xu to conduct this hacking. When conducting the computer intrusions, Xu worked for Shanghai Powerock Network Co Ltd, one of many “enabling” companies in China that conducted hacking for the Chinese government.
In early 2020, Xu and his co-conspirators hacked and otherwise targeted US-based universities, immunologists, and virologists conducting research into COVID‑19 vaccines, treatment, and testing. Xu and others reported their activities to officers in the SSSB who were supervising and directing the hacking activities. On or about Feb 19, 2020, Xu provided an SSSB officer with confirmation that he had compromised the network of a research university in the Southern District of Texas. On or about Feb 22, 2020, the SSSB officer directed Xu to target and access specific email accounts (mailboxes) belonging to virologists and immunologists engaged in COVID-19 research for the university. Xu later confirmed for the SSSB officer that he acquired the contents of the researchers’ mailboxes.
Beginning in late 2020, Xu and his co-conspirators exploited certain vulnerabilities in Microsoft Exchange Server. Their exploitation of MS Exchange Server was at the forefront of a massive campaign targeting thousands of computers worldwide and known publicly as HAFNIUM. In Mar 2021, Microsoft publicly disclosed the intrusion campaign by state-sponsored hackers operating out of China. In July 2021, the US and foreign partners attributed the HAFNIUM campaign to China's MSS.
Among the victims of Xu’s exploitation of MS Exchange Server were another university located in the Southern District of Texas and a law firm with offices worldwide, including in Washington, DC. After exploiting computers running MS Exchange Server, Xu and his co-conspirators installed web shells on them to enable their remote administration. These web shells were specific to HAFNIUM actors at the time. As with the earlier COVID-19 research intrusions, Xu and Zhang worked together on the HAFNIUM intrusions, under the supervision and direction of SSSB officers. On or about Jan 30, 2021, Xu confirmed to Zhang that he had compromised the other university’s network. Later, on or about Feb 28, 2021, Xu updated an SSSB officer on his successful intrusions. This SSSB officer then directed Xu to obtain a list of other successful intrusions from a second SSSB officer. Unauthorized access to the law firm’s network allowed Xu and his co-conspirators to steal information from mailboxes and search them for information regarding specific US policy makers and government agencies. Their search terms included “Chinese sources,” “MSS,” and “HongKong.”
Xu is charged with conspiracy to commit wire fraud and 2 counts of wire fraud, which carries a maximum penalty of 20 years in prison for each count; conspiracy to cause damage to and obtain information by unauthorized access to protected computers, to commit wire fraud, and to commit identity theft, which carries a maximum penalty of 5 years in prison; 2 counts of obtaining information by unauthorized access to protected computers, which carries a maximum penalty of 5 years in prison; 2 counts of intentional damage to a protected computer, which carries a maximum penalty of 10 years in prison; and aggravated identity theft, which carries a maximum penalty of 2 years in prison. All convictions would also have the potential of up to $250,000 as a possible fine.
justice.gov/opa/pr/justice
justice.gov/usao-sdtx/pr/c
justice.gov/opa/media/1407
Quote
Byron Wan
@Byron_Wan
July 3: Italian police arrested
man Xu Zewei, aka Zavier Xu and David Xu, who is wanted by the US authorities over industrial espionage which targeted projects including efforts to develop a COVID vaccine.
Xu was picked up on an arrest warrant issued on Nov 2, 2023 by the