Cyber-spying

America is coming after Chinese it accuses of hacking

Xu Zewei was arrested in Milan on July 3rd

Jul 10, 2025 03:13 PM

FOR OVER a decade, America’s justice department has been indicting Chinese government hackers. Almost all of them have remained beyond the reach of the law. The aim has been to expose and embarrass, rather than to arrest. Now that is changing. On July 3rd Italian police in Milan arrested Xu Zewei, who is alleged to have worked on behalf of the Shanghai branch of the Ministry of State Security (MSS), China’s main spy agency. America wants to extradite him for wire fraud, identity theft and hacking.

America says that Mr Xu worked for Shanghai Powerock Network Co. Ltd, a mysterious company whose anodyne name concealed its role in hacking for the MSS. Mr Xu, working as part of a larger group dubbed Hafnium, allegedly hacked into American universities in 2020 and 2021. The targets were institutions where immunologists and virologists were conducting “ground-breaking” research into covid-19 vaccines during the pandemic. He did so by exploiting weaknesses in Microsoft servers for handling emails. (Mr Xu denies wrongdoing and claims he was a semiconductor technician on an Italian holiday.)

Mr Xu is not the first alleged Chinese spy to be caught in America’s legal net. In 2022 a federal court in Cincinnati sentenced Xu Yanjun, a career intelligence officer in the MSS, to 20 years in prison for stealing commercial secrets and technology from American aviation companies. That Mr Xu was lured to Belgium in an FBI sting operation in 2018, arrested there and sent to America. But this was largely for traditional human espionage—one of Mr Xu’s agents successfully joined the US Army, among other spying capers. The new case is the first involving purely cyber activity. “Xu Zewei violated a golden rule of hacking,” notes James Lewis, a cyber expert, “which is never visit a place where a warrant can be served.”

It also highlights the pivotal role of China’s private sector, which serves as a force multiplier for Chinese spy agencies at both the national level and, curiously, the provincial level. Firms like Shanghai Powerock Network either hack directly or provide tools and services to enable hacks by others. In March America’s government charged a dozen Chinese “contract hackers” and officials, many of whom were associated with i-Soon, a prominent company which has been linked to large-scale intrusions around the world.

A report published on July 8th by Kieran Green of Margin Research, an American cyber-security firm, describes a sprawling “cyber militia” of civilian volunteers who train alongside the People’s Liberation Army. China’s government offers tax breaks, procurement preferences and public recognition to encourage top cyber-security firms and their staff to participate in the scheme. A “vast and growing ecosystem” sees these militia-linked cyber-operators scattered across state-owned companies, universities and tech firms. “These partnerships blur the line between state and private cyber-capabilities,” concludes Mr Green. That all suggests that Mr Xu will not be the last Chinese hacker to be indicted by America. But he may well be among the last to take a holiday in Europe. ■