Police in Italy arrested a 33-year-old accused by U.S. officials of being a member of a Chinese state-backed group allegedly responsible for hacking into a Texas university to steal COVID-19 vaccine research.
Xu Zewei, a 33-year-old from Shanghai, was arrested at an airport in Milan on July 3, according to the Italian news agency ANSA. The outlet said U.S. officials had issued an arrest warrant for him on charges of wire fraud, aggravated identity theft and unauthorized access to protected computers.
The Justice Department confirmed the arrest in a statement, unsealing a nine-count indictment on Tuesday that accuses Xu and co-defendant Zhang Yu of involvement in “computer intrusions between February 2020 and June 2021, including the indiscriminate HAFNIUM computer intrusion campaign that compromised thousands of computers worldwide, including in the United States.”
Prosecutors said Xu carried out the intrusions at the behest of China’s Ministry of State Security (MSS) and the Shanghai State Security Bureau (SSSB), both of which are intelligence agencies.
The unsealed court documents accuse Xu of being part of a team of state-backed hackers that targeted an unnamed Texas university in 2020 in order to obtain its COVID-19 vaccine research.
According to the documents, Xu was heavily involved in cyberattacks carried out by Hafnium, which is also known as Silk Typhoon. The group has spent years targeting U.S. government agencies and other large organizations.
Nicholas Ganjei, U.S. Attorney for the Southern District of Texas, said prosecutors had waited for years to arrest Xu. The Justice Department filed a warrant for his arrest in the U.S. District Court for the Southern District of Texas in November 2023.
“In February 2020, as the world entered a pandemic, Xu Zewei and other cyber actors working on behalf of the Chinese Communist Party (CCP) targeted American universities to steal groundbreaking COVID-19 research. The following year, these same actors, operating as a group publicly known as HAFNIUM, exploited zero-day vulnerabilities in U.S. systems to steal additional research,” said Brett Leatherman, Assistant Director of the FBI’s Cyber Division.
“Through HAFNIUM, the CCP targeted over 60,000 U.S. entities, successfully victimizing more than 12,700 in order to steal sensitive information.”
Court documents say Xu and other hackers targeted U.S. universities, immunologists and virologists conducting research into COVID-19 vaccines, treatments and testing. Xu and others reported back to supervising officers at the SSSB, including one instance in which Xu confirmed that he “had compromised the network of a research university located in the Southern District of Texas.”
The Justice Department said that on February 22, 2020, Xu was directed to “target and access specific email accounts belonging to virologists and immunologists engaged in COVID-19 research for the research university.”
Xu later confirmed to the SSSB officer that he had obtained the contents of the researchers’ mailboxes, according to prosecutors.
U.S. agencies and researchers have long accused China’s hacking operations of targeting research institutions working on COVID-19 vaccines as much of the world sought answers to the devastating pandemic that began in 2020.
Searching inboxes
Later, in 2021, Xu and others were heavily involved in the attacks on Microsoft Exchange servers that are widely known as the Hafnium attacks.
Victims of Xu’s targeting of Microsoft Exchange servers include another university in Texas and law firms around the world. Prosecutors obtained messages from Xu to his superiors confirming that he had breached the university’s network.
In one breach of a law firm, Xu was ordered to search mailboxes for terms such as “Chinese sources,” “MSS” and “HongKong,” as well as for information about specific U.S. policymakers and government agencies.
Xu’s extradition hearing is scheduled for Tuesday, and his lawyer said he plans to fight the request, arguing that U.S. officials have the wrong person because his name is common in China. Xu faces up to 77 years in prison if convicted on all of the charges. His alleged co-conspirator Zhang Yu remains at large.
Xu’s wife, who was traveling with him, said he is not a hacker and works as an IT technician for a company called GTA Semi Conductor.
The DOJ said Xu worked for Shanghai Powerock Network when he carried out the cyberattacks, lending further weight to its broader concern that China uses an array of private companies to run state-backed intrusion campaigns, giving the government plausible deniability.
“Operating from their safe haven and motivated by profit, this network of private companies and contractors in China cast a wide net to identify vulnerable computers, exploit those computers, and then identify information that it could sell directly or indirectly to the PRC government,” the Justice Department said.
“This largely indiscriminate approach results in more victims in the United States and elsewhere, more systems worldwide left vulnerable to future exploitation by third parties, and more stolen information, often of no interest to the PRC government and, therefore, sold to other third parties.”