"State-affiliated cyber actors operate on the assumption that distance and state protection insulate them from consequence," an FBI official said during a Thursday media briefing.
Xu Zewei and Shanghai Powerock Network Co.
Xu Zewei, a 34-year-old Chinese national, was arrested in Milan in July 2025 and extradited to the United States, where a Houston federal judge ordered him held pending a detention hearing. Federal prosecutors allege Xu worked as a general manager at Shanghai Powerock Network Co. while carrying out intrusions under the direction of officers in the Shanghai State Security Bureau, a regional arm of China's Ministry of State Security.
The Southern District of Texas indictment and charged offenses
An indictment unsealed in the Southern District of Texas alleges Xu played a central role in a Beijing-directed cyberespionage campaign from February 2020 to June 2021 targeting U.S. universities, medical researchers and a Washington-based law firm. Prosecutors say Xu was a hacker-for-hire who, with co-conspirators, exploited vulnerabilities, maintained persistent access to victim networks and exfiltrated data for intelligence and strategic purposes. Xu faces counts including conspiracy, wire fraud, computer intrusion and aggravated identity theft, and faces potential penalties exceeding 20 years if convicted. Senior Justice Department officials declined to name the victim organizations.
Tactics: CVE-2019-11510, Pulse Secure Connect VPN and Microsoft Exchange zero-days
The charging documents describe initial access in early 2020 through exploitation of known vulnerabilities such as CVE-2019-11510 in the Pulse Secure Connect VPN, followed by credential theft and lateral movement into internal systems, including email accounts of virologists and immunologists. Prosecutors also link the operation to a widespread Microsoft Exchange zero-day campaign that compromised thousands of systems, a campaign tracked by Microsoft first as the actor Hafnium and now as Silk Typhoon.
U.S. law enforcement's extradition, mitigation and tactical posture
Officials framed the extradition from Italy as a deliberate effort to impose real-world consequences on nation-state actors previously seen as operating beyond U.S. legal reach. The case was described as a rare instance in which the Department of Justice and the FBI paired an indictment with an opportunistic arrest when the suspect was traveling abroad. Investigative work, officials said, began with victim assistance and mitigation of active intrusions and then shifted toward attribution and prosecution once the immediate threat was contained. A senior FBI official added the bureau deployed its elite cyber action team to the most prominent victim to further cut off the attacker's access to victim networks.
What this means for U.S. universities, medical researchers, and a Washington law firm
- U.S. universities and medical researchers named in the indictment: The public charging links research on vaccines, treatments and testing to the campaign, underscoring prosecutors' focus on academic and biomedical targets during the February 2020–June 2021 window.
- The Washington-based law firm: Prosecutors say the firm had access to sensitive policy and client information, framing it as a strategic target in the operation described by indictments.
- Federal responders: The FBI and DOJ’s approach combined mitigation of ongoing intrusions with attribution and prosecution, including deploying an elite cyber action team to a major victim—an operational pattern that officials say will guide tactical responses when opportunities to bring suspects to U.S. soil arise.
Officials portrayed the extradition as a message: state affiliation and geographic distance no longer guarantee impunity. With Xu in U.S. custody, held pending a detention hearing, the case now moves from attribution and mitigation into the courtroom, and prosecutors have indicated that pairing indictments with targeted, opportunistic arrests abroad will be a tool they use when available. The next concrete milestones are the detention hearing in Houston and continued prosecutorial decisions about how broadly to pursue co-conspirators identified in the Southern District of Texas indictment.
Source: FBI: Chinese Hacker Extradition Sends a Global Message — GovInfoSecurity.com




