- 33-year-old man was accused of spying for the Chinese government
- FBI alleges he is part of the Silk Typhoon hacking collective
- If convicted, he might be looking at decades in jail
Italian law enforcement has arrested a 33-year-old Chinese national for allegedly spying on the United States.
Landing at Milan’s Malpensa airport on a flight from China, Zewei Xu was apprehended by local police, and according to Italian news agency ANSA, is wanted by the FBI for allegedly participating in cyber-espionage operations for China, targeting data surrounding anti-COVID vaccines that were being produced at the University of Texas back in 2020.
Citing “interior ministry documents”, ANSA said Xu is accused of being part of Hafnium, an infamous state-sponsored threat actor also known as Silk Typhoon. With this group, Xu allegedly “targeted thousands of computers around the world” to get information on “various US government policies.”
Typhoons against critical infrastructure
There will be a hearing early next week, at Milan’s Court of Appeals, to determine whether or not Xu will be extradited to the United States.
While his family claims he is an IT manager at Shanghai GTA Semi Conductor, where he develops IT systems and network infrastructure, American authorities accuse Xu of wire fraud and aggravated identity theft.
If convicted, Xu is looking at a maximum punishment of 20 years in prison, as well as an additional five years for unauthorized access to protected computers.
Silk Typhoon is one of many “typhoon” groups (Flax Typhoon, Silk Typhoon, and others), all of which are apparently state-sponsored and engaged in various forms of cybercriminal activity.
Critical infrastructure firms, government organizations, telecommunications companies, and similar, are the typhoons’ most common targets.
In mid-April 2025, amid a serious escalation of hostilities between the US and China, senior Chinese officials apparently acknowledged behind closed doors that Beijing was involved in a series of cyberattacks on US critical infrastructure, conducted by Volt Typhoon.
This group was infiltrating US critical infrastructure systems for years, including compromising energy, communications, transportation, and water industries.
Via BleepingComputer
You might also like
- CISA tells agencies to patch BeyondTrust bug now
- Take a look at our guide to the best authenticator app
- We've rounded up the best password managers
