PRC NATIONAL EXTRADITED TO UNITED STATES ON CYBER INTRUSION CHARGES LINKED TO HAFNIUM CAMPAIGN AND TARGETING OF COVID-19 RESEARCH

HOUSTON — Federal authorities have announced that a citizen of the People’s Republic of China has been extradited to the United States and made an initial appearance in federal court in connection with a multi-count indictment alleging involvement in computer intrusions targeting U.S. entities, including COVID-19 research institutions and systems affected by the HAFNIUM intrusion campaign.

Xu Zewei (徐泽伟), 34, appeared in federal court following his extradition on April 25. He remains in custody pending a detention hearing scheduled for April 30 before U.S. Magistrate Judge Richard W. Bennett. Xu is charged in a nine-count indictment related to alleged computer intrusion activity conducted between February 2020 and June 2021.

A co-defendant, Zhang Yu (张宇), 44, also a national of the People’s Republic of China, has been charged in connection with the same activity and remains at large.

According to court documents, the alleged intrusions include activity associated with the HAFNIUM campaign, a large-scale exploitation of vulnerabilities in Microsoft Exchange Server systems that resulted in the compromise of thousands of computers worldwide, including systems located within the United States. Federal authorities stated that more than 12,700 U.S.-based organizations were impacted by the campaign.

The charges further allege that Xu conducted computer intrusions under the direction of officers affiliated with the Ministry of State Security’s Shanghai State Security Bureau. These entities are identified in the indictment as components of the People’s Republic of China’s intelligence structure responsible for domestic counterintelligence and foreign intelligence activities. At the time of the alleged conduct, Xu was employed by Shanghai Powerock Network Co. Ltd., identified in the charging documents as a company operating within a broader network of entities engaged in computer intrusion activity.

Investigators allege that in early 2020, Xu and associated actors targeted U.S.-based universities, including institutions conducting research related to COVID-19 vaccines, treatments, and testing. According to the indictment, Xu reported access to compromised systems to supervisory personnel and was directed to obtain specific email account data belonging to researchers engaged in virology and immunology work. Authorities allege that contents of those accounts were subsequently acquired.

Beginning in late 2020, the indictment alleges that Xu and others exploited vulnerabilities in Microsoft Exchange Server systems. These intrusions involved the deployment of web shells that enabled persistent remote access to compromised networks. Federal authorities stated that these methods were consistent with those publicly associated with HAFNIUM activity during the same period.

In March 2021, Microsoft disclosed the exploitation campaign and released mitigation tools and security updates. Federal authorities, including the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency, issued guidance to assist affected organizations in identifying and responding to compromises. By the end of that period, hundreds of compromised systems within the United States remained exposed due to unauthorized web shell installations.

In April 2021, the Department of Justice conducted a court-authorized operation to remove malicious web shells from affected systems within the United States. In July 2021, the United States and partner nations publicly attributed the HAFNIUM intrusion activity to actors affiliated with the People’s Republic of China’s Ministry of State Security.

Among the victims identified in the indictment were additional universities located in the Southern District of Texas and a law firm with offices in multiple jurisdictions, including Washington, D.C. Authorities allege that access to these systems enabled the search and acquisition of email communications, including queries related to U.S. policymakers, government agencies, and terms associated with intelligence and geopolitical topics.

The indictment further states that the alleged activity was part of a broader system involving private companies and contractors operating within China that conduct computer intrusions to obtain information. According to federal authorities, this model involves identifying vulnerable systems, exploiting access points, and acquiring data that may be transferred or made available through indirect channels.

Xu Zewei faces multiple federal charges, including:

• Conspiracy to commit wire fraud and wire fraud (maximum penalty of 20 years per count)
• Conspiracy involving unauthorized access to protected computers and identity-related offenses (maximum penalty of 5 years)
• Unauthorized access to protected computers (maximum penalty of 5 years per count)
• Intentional damage to protected computers (maximum penalty of 10 years per count)
• Aggravated identity theft (mandatory consecutive sentence of 2 years)

The Federal Bureau of Investigation Houston Field Office is conducting the investigation. The case is being prosecuted by the U.S. Attorney’s Office for the Southern District of Texas and the National Security Division’s National Security Cyber Section. The Department of Justice’s Office of International Affairs coordinated with Italian authorities to secure Xu’s arrest in Milan and subsequent extradition to the United States.

Zhang Yu remains at large. Anyone with information regarding his whereabouts is encouraged to contact the FBI at 1-800-CALL-FBI.

---

U.S. Department of Justice — Federal Indictment (S.D. Texas)

---

---

---

---

---

---

---

---

---

---

🔥 NOW AVAILABLE! 🔥

‎👉 Eclipsera – Apple Music

---

---

---

---

---