U.S. Secures Historic Extradition of Alleged Chinese State-Backed Hacker After Multi-Year Global Manhunt

Chinese national Xu Zewei faces 62 years in prison after being extradited for Silk Typhoon hacking operations targeting US COVID research and Microsoft servers.

By: AXL Media

Published: Apr 29, 2026, 3:41 AM EDT

Source: Information for this report was sourced from FDD

A Landmark Victory in Transatlantic Cyber Cooperation

The United States Department of Justice reached a definitive milestone in its pursuit of foreign state-sponsored cyber criminals with the successful extradition of Xu Zewei. Arrested in Milan in July 2025 at the request of the FBI, Xu was transferred to U.S. custody over the weekend and made his initial appearance in a federal court in Houston on Monday, April 27. Acting U.S. Attorney John G.E. Marck characterized the arrival of the defendant as the culmination of years of persistent investigation across continents. The case represents a rare instance of a Chinese operative being brought to American soil to face justice, signaling a tightening net around state-linked contractors who previously operated with perceived impunity.

Unmasking the Shanghai Powerock Network

Federal prosecutors allege that Xu operated as a key contract hacker for Shanghai Powerock Network, a firm identified as a front for the Shanghai State Security Bureau of China’s Ministry of State Security (MSS). According to court filings, Xu and his co-conspirators were directed by intelligence officers to infiltrate the networks of U.S. universities and private research laboratories. The indictment details how Xu specifically targeted the email accounts of virologists and immunologists to extract confidential data on vaccine development, testing protocols, and therapeutic treatments during the peak of the global pandemic. This strategic theft was reportedly intended to bypass years of legitimate scientific research to accelerate China's own domestic medical advancements.

Exploiting the HAFNIUM Microsoft Breach

Beyond the theft of medical data, the Department of Justice has linked Xu to the notorious HAFNIUM cyber campaign, now more broadly categorized by intelligence agencies as Silk Typhoon. Investigators claim Xu played a vital role in exploiting zero-day vulnerabilities in Microsoft Exchange Server software between 2020 and 2021. This sweeping intrusion campaign allowed hackers to deploy "web shells" for persistent remote access, ultimately compromising more than 12,700 organizations in the United States alone. The list of victims extends beyond scientific institutions to include defense contractors, global law firms, and policy think tanks, providing the MSS with a vast repository of sensitive American data.
