Italian authorities have arrested Chinese national Xu Zewei, 33, at Milan’s Malpensa Airport in connection with a sweeping U.S. investigation into cyber espionage tied to the theft of sensitive COVID-19 vaccine data. The arrest, carried out on July 3, was prompted by an international alert issued by the FBI, which accuses Xu of being a key member of “Hafnium,” a notorious Chinese government-backed hacking group.
Xu is alleged to have participated in cyber intrusions against U.S. institutions, including the University of Texas, to steal research and intellectual property related to the development of COVID-19 vaccines. The FBI and U.S. Department of Justice (DOJ) say these operations were part of a wider espionage effort orchestrated by Hafnium, which exploited vulnerabilities in American systems to infiltrate tens of thousands of networks globally.
Alleged Role in Hafnium’s Global Cyber Campaign
According to U.S. officials, Xu played a direct role in Hafnium’s 2020 and 2021 cyber campaigns. These attacks included the exploitation of zero-day vulnerabilities in Microsoft Exchange servers that impacted over 60,000 American entities. The cyberattacks were reportedly designed to extract high-value scientific and health data during the height of the pandemic.
Xu is currently facing a series of federal charges in the United States, including:
- Conspiracy to commit computer fraud
- Unauthorized access to protected computers
- Wire fraud
- Aggravated identity theft
If he is convicted, these charges could result in decades behind bars.
Dispute Over Identity
Xu’s defense team and family argue that the arrest is a case of mistaken identity. His wife, speaking to Italian authorities, said that Xu is a legitimate IT manager at Shanghai GTA Semiconductor Ltd. and had traveled to Italy with a valid visa for vacation purposes. “His receiving an entry visa to Italy should confirm that we have not committed any crimes,” she said. “I cannot understand the reason for my husband’s arrest.”
Xu’s attorney emphasized that the surname “Xu” is exceedingly common in China and warned that his client is being wrongfully targeted due to a misidentification. He added that Xu has no criminal record and has never been involved in any cybercrime.
Extradition Process Underway
The case has now entered a critical legal phase. A Milan court will determine whether Xu will be extradited to the United States to face trial. Italian judicial authorities are currently reviewing the evidence submitted by U.S. prosecutors, while Xu remains in custody pending the decision.
The arrest has triggered renewed diplomatic tensions surrounding international cybercrime investigations and the challenges in proving digital attribution across borders.
U.S. Efforts to Combat State-Sponsored Cybercrime
Xu’s arrest is part of a broader U.S. strategy to hold cybercriminals — particularly those linked to state-sponsored operations — accountable, even when they operate beyond American borders. The DOJ has been actively working with foreign governments to track and apprehend individuals involved in cyberattacks on U.S. interests.
Last year, for example, Spanish authorities, working in coordination with the U.S., apprehended a British national tied to the infamous hacking group “Scattered Spider.”
Why It Matters
This case underscores the growing sophistication of cyber threats and the geopolitical complexities of prosecuting digital crimes across jurisdictions. The alleged theft of COVID-19 research data during a global pandemic raises significant concerns about biosecurity, intellectual property theft, and the role of cyberwarfare in international relations.
If extradited, Xu Zewei could become one of the highest-profile cyber suspects to face trial in the U.S. for espionage-related crimes linked to the pandemic era.
What’s Next?
The Milan court is expected to issue a ruling in the coming weeks regarding Xu’s extradition. Meanwhile, the case will continue to draw scrutiny from both legal experts and international observers monitoring China’s role in global cyber operations.
User-Intent Takeaway:
What happened? — A Chinese IT manager accused of cyberespionage was arrested in Italy.
Why does it matter? — He’s linked to alleged COVID-19 data theft and global cyberattacks targeting U.S. institutions.
What’s next? — An Italian court will decide on extradition to the U.S. amid claims of mistaken identity and growing international tensions.