Chinese Hacker Arrested in Italy for U.S. Cyber Espionage Linked to Silk Typhoon
Italian authorities have arrested a Chinese national, Xu Zewei, in Milan over his alleged role in a wave of cyberattacks linked to Silk Typhoon

CYBER SYRUP
Delivering the sweetest insights on cybersecurity.

Italian authorities have arrested a Chinese national, Xu Zewei, in Milan over his alleged role in a wave of cyberattacks linked to Silk Typhoon—a state-sponsored hacking group also known as Hafnium or UNC5221. Xu, 33, is accused of participating in coordinated cyber intrusions that targeted American government agencies, universities, and private organizations.
The arrest stems from a U.S. indictment charging Xu with nine counts of wire fraud, aggravated identity theft, and unauthorized access to protected computers.
Details of the Cyber Campaign
According to the U.S. Department of Justice, Xu and his alleged co-conspirator, Zhang Yu, operated under the direction of China’s Ministry of State Security (MSS) via its Shanghai State Security Bureau (SSSB). Their primary objective: conducting cyber espionage against U.S. targets, especially during the height of the COVID-19 pandemic.
Between February 2020 and June 2021, Xu reportedly exploited zero-day vulnerabilities in Microsoft Exchange Server, launching a campaign that compromised thousands of systems globally. Microsoft attributed this activity to the Hafnium group, which targeted:
- U.S. government agencies
- Private-sector firms
- Universities researching COVID-19 vaccines, including the University of Texas
The hackers allegedly stole sensitive information by exploiting these flaws before Microsoft issued patches.
The Role of Silk Typhoon
Silk Typhoon is a well-documented Chinese state-sponsored APT (Advanced Persistent Threat) group. Known for its supply chain attacks and use of undisclosed (zero-day) vulnerabilities, the group has targeted more than 60,000 U.S. entities, compromising over 12,700 systems in the Hafnium operation alone.
Xu was reportedly working for a front company, Shanghai Powerock Network Co. Ltd., a detail that supports long-standing allegations that China uses private contractors to conduct cyber espionage, thus providing the government plausible deniability.
Legal Proceedings and Response
Xu has denied the charges and is contesting extradition to the United States. His legal team claims a case of mistaken identity, citing how common his surname is and a mobile phone stolen in 2020 as possible sources of confusion.
Despite the arrest, experts warn the broader threat remains.
"Government sponsors are not going to be deterred. The arrest is unlikely to bring operations to a halt or even significantly slow them," said John Hultquist, Chief Analyst at Google Threat Intelligence Group. "But it may give some of these talented young hackers a reason to think twice."
Takeaway
While Xu's arrest marks a high-profile win in the global fight against cyber espionage, it highlights the persistent threat posed by nation-state hacking groups. As state actors continue to leverage private contractors and sophisticated toolkits, international cooperation and cybersecurity vigilance remain critical.