A man accused of executing cyberattacks for the Chinese government has been extradited to the U.S., his lawyer confirmed.
Last year, the U.S. Justice Department accused Xu Zewei of working with the Chinese Ministry of State Security to perform cyberattacks. Prosecutors alleged Xu and Zhang Yu targeted U.S. universities in 2020 to steal COVID-19 research. They also reportedly hacked thousands of Microsoft Exchange email servers in March 2021 as part of a campaign linked to a Chinese-backed group, Hafnium, later known as Silk Typhoon.
Xu was arrested in Italy at the request of U.S. authorities. His Italian lawyer, Simona Candido, said Xu was extradited to the U.S. on Saturday and is now detained in Houston, Texas.
The U.S. Bureau of Prison’s website lists a man with the same name in custody at the Federal Detention Center in Houston.
Xu’s U.S. lawyer, Dan Cogdell, was set to attend a Houston hearing on Monday. He informed TechCrunch about the hearing earlier that day.
Angela Dodge, a spokesperson for the U.S. Attorney’s Office in the Southern District of Texas, confirmed receipt of an email but did not respond to questions about Xu.
The Justice Department had initially alleged Xu worked for Shanghai Powerock Network, which conducted hacking for Beijing. Xu and other hackers reportedly reported activities to Chinese state officials in Shanghai.
Along with Zhang, Xu was allegedly part of the Hafnium group that exploited undiscovered Microsoft Exchange server security flaws to hack various American organizations, including defense contractors and law firms.
Prosecutors said Hafnium hackers targeted over 60,000 U.S. entities and successfully hacked over 12,700 of them.
The Chinese Embassy in Washington D.C. did not respond to requests for comment.
The Financial Times reported the Chinese Foreign Ministry opposed Xu’s extradition, accusing the U.S. government of “fabricating cases.”
The U.S. government has charged several suspected Chinese hackers over the years, many still at large. In 2022, Yanjun Xu was sentenced to 20 years in prison for hacking, marking the first case where a Chinese intelligence officer was extradited to the U.S.