Source: www.securityweek.com – Author: Eduard Kovacs
A Chinese national accused by the United States of being a member of a state-sponsored hacking group has been arrested in Italy.
The suspect, 33-year-old Xu Zewei, has been charged on nine counts alongside another Chinese national, 44-year-old Zhang Yu, who remains at large.
The US Justice Department says Xu and Zhang are part of the group tracked as Silk Typhoon (previously Hafnium based on Microsoft’s prior naming convention). Silk Typhoon is a Chinese threat actor best known for the 2024 attack on the US Treasury Department, as well as for targeting the global IT supply chain.
According to Microsoft, Silk Typhoon has been known to target healthcare, legal services, higher education, defense, and non-governmental organizations in the US, Australia, Japan and Vietnam.
The Justice Department has charged Xu and Zhang over cyberattacks carried out between February 2020 and June 2021 on behalf of China’s Ministry of State Security (MSS) intelligence and security service. Authorities say Xu had worked at a company named Shanghai Powerock Network, which is known for enabling China’s hacking operations.
Specifically, Xu and others are accused of targeting, in early 2020, COVID-19 research conducted by universities in the United States. The man allegedly targeted virologists and immunologists, including ones working at universities in Texas, and authorities say Xu reported back to his superiors after hacking into the email accounts of researchers.
Xu and his co-conspirators are also accused of exploiting Microsoft Exchange zero-days in late 2020 and early 2021, until Microsoft released patches. These exploits enabled Silk Typhoon hackers to gain access to Exchange servers and steal emails and other valuable information from a university and a law firm.
Investigators appear to have obtained Xu's communications, as the charging documents cite several messages exchanged between him and his superiors.
Xu faces wire fraud, computer hacking, and identity theft charges. He could be sentenced to between two and 20 years in prison for each count.
Xu was arrested in Italy on July 3. Italian publication ANSA reported that the suspect, who works as an IT manager at a Chinese company, had come to Italy on vacation with his wife.
In his first court appearance in Italy, the man denied the accusations, claiming that someone might have stolen his identity. Italian authorities will have to decide whether to approve his extradition to the US.
John Hultquist, chief analyst of Google’s Threat Intelligence Group, which tracks Silk Typhoon as UNC5221, told SecurityWeek that the impact of one hacker’s arrest will not be felt immediately.
“There are several teams composed of dozens of operators who are going to continue to carry out cyberespionage. Government sponsors are not going to be deterred. The arrest is unlikely to bring operations to a halt or even significantly slow them, but it may give some of these talented young hackers a reason to think twice before getting involved in this work,” Hultquist said.
Related: China’s Salt Typhoon Hackers Target Canadian Telecom Firms
Related: China Admitted to Volt Typhoon Cyberattacks on US Critical Infrastructure
Original Post URL: https://www.securityweek.com/alleged-chinese-state-hacker-wanted-by-us-arrested-in-italy/
Category & Tags: Nation-State, arrested, charged, China, Chine APT, Featured, hacker, Silk Typhoon