Chinese hacker Xu Zewei extradited to US over alleged vaccine research theft

by Minato Takahashi
Chinese hacker extradited from Italy to U.S. over alleged vaccine research theft

Italy transfers accused hacker Xu Zewei to face U.S. charges after prosecutors say he stole COVID-era vaccine research from universities and firms.

The United States has received an accused Chinese hacker extradited from Italy to face charges alleging he stole vaccine research during the COVID-19 pandemic. The defendant, identified by U.S. authorities as 34-year-old Xu Zewei, appeared in federal court in Houston on allegations that he and co-conspirators targeted universities, immunologists and virologists to obtain sensitive research data. U.S. prosecutors say the case centers on intrusions into email systems and the exploitation of other vulnerabilities at the height of pandemic research efforts.

Extradition and Court Appearance

The transfer of the accused took place after Italian authorities arrested him in Milan last July and completed legal procedures to hand him over to U.S. custody. Xu made an initial appearance in the U.S. District Court for the Southern District of Texas where he was formally charged with nine criminal counts, including wire fraud and conspiracy to obtain information by unauthorized access to protected computers. Prosecutors have said the alleged offenses date to the period when COVID-19 research was actively underway and that the defendant will be prosecuted in federal court.

If convicted, Xu faces severe penalties, with the most serious counts carrying potential sentences of up to 20 years in prison each. U.S. officials described the extradition as the result of sustained investigative work and international cooperation, and they signaled they intend to move forward with a trial to present the evidence behind the charges. Court documents and further procedural filings in Houston are expected to outline the scope of the alleged intrusions and the evidence law enforcement will rely on.

Alleged Targets and Tactics

U.S. prosecutors say the defendant targeted universities and research institutions engaged in COVID-related work, as well as a law firm with offices in Washington, D.C. and elsewhere. One of the institutions named in court filings was a university in southern Texas, and prosecutors contend thousands of computers were attacked as part of a campaign to harvest research data. Authorities allege the group exploited vulnerabilities in widely used email software and other systems to gain unauthorized access and extract confidential information.

The alleged intrusions focused on immunologists, virologists and other researchers whose work was central to vaccine and therapeutic development during the pandemic. Prosecutors contend the campaign sought intellectual property and sensitive information that could be used to benefit foreign research programs, and they have characterized the scale of the operation as significant given the number of affected machines and institutions.

Links to Hafnium and State-Sponsored Activity

Italian police and U.S. authorities have connected the activities to a broader cyber-espionage campaign dubbed “Hafnium,” which investigators say exploited software flaws in email platforms. The U.S. Department of Justice alleges the defendant acted at the direction of China’s Ministry of State Security while employed at a company identified as Shanghai Powerock Network. Prosecutors framed the case as an example of state-directed targeting of academic and private-sector research during an international health emergency.

Officials say the alleged operation had an enabling infrastructure and personnel who facilitated persistent intrusions, data exfiltration and concealment of activities. Those links are central to prosecutors’ narrative that the campaign was not the work of isolated criminals but part of a coordinated effort to acquire strategic research information.

International Cooperation and Law Enforcement Statements

Italian authorities described the individual as a “dangerous foreign hacker” when announcing the arrest and subsequently coordinated with U.S. officials to effect the extradition. The Department of Justice and the Italian National Police credited sustained investigative work and bilateral cooperation for advancing the case to prosecution. In a statement, Assistant Attorney General for National Security John A. Eisenberg said the United States is committed to pursuing hackers who steal information from businesses and universities and that investigators had worked hard to seek justice.

Investigative teams in multiple jurisdictions have increasingly prioritized cyber intrusions that target research during crises, and this case was highlighted by authorities as a cross-border enforcement success. Prosecutors emphasized that the legal process will determine guilt, and they indicated that more procedural steps and potential evidentiary hearings will follow in the Houston court.

Official Responses and Legal Representation

The Chinese Embassy in Washington did not immediately respond to requests for comment on the extradition, according to U.S. officials handling inquiries. Beijing has in the past rejected allegations of state-sponsored hacking operations and described similar accusations as groundless, a stance reiterated in prior responses to related incidents. Xu’s lawyers in Italy and the United States, named in court filings as Simona Candido and Dan Cogdell, had not responded to requests for comment at the time authorities released their statements.

Defense counsel or appointed attorneys will have the opportunity to challenge the charges, seek discovery, and raise legal defenses as the case proceeds through pretrial litigation. The extradition itself followed judicial review in Italy, and the defendant’s appearance in U.S. court begins a supervised legal process that could include detention hearings, bail consideration, and scheduling for trial motions.

Implications for Research Cybersecurity

The indictment and extradition underscore persistent cybersecurity risks facing academic and private-sector research institutions, particularly during global emergencies. Investigators say the campaign exploited known software vulnerabilities and email system flaws, highlighting the importance of rapid patching, robust incident response, and cross-institutional information sharing. Institutions handling sensitive biomedical research face heightened exposure to sophisticated adversaries seeking intellectual property and proprietary data.

Cybersecurity experts note that attackers who target research environments often use stealthy techniques and long-term access to harvest valuable datasets and communications. The case reinforces calls for governments and universities to invest in defensive measures, threat intelligence collaboration, and policies that protect critical scientific work from foreign and criminal intrusion.

The transfer of the accused to the United States marks the next stage in a high-profile prosecution that prosecutors say aims to hold accountable those who allegedly stole pandemic-era vaccine research.

The Tokyo Tribune
Japan's English newspaper