A Chinese national accused of stealing COVID-19 research from American universities on behalf of Beijing has been extradited to the United States and is now facing federal charges, FBI Director Kash Patel announced Tuesday.
Xu Zewei, 34, was arrested in Milan, Italy, on April 27 and transferred to U.S. custody, years after a federal bench warrant was first issued for him in November 2023. Patel said Italian law enforcement played a key role in tracking him down.
“The FBI and our great partners have arrested Xu Zewei, a PRC national and state-sponsored hacker, allegedly responsible for a massive cyber intrusion campaign in 2020 and 2021 stealing COVID-19 research from American institutions,” Patel wrote on X Tuesday morning.
The hacking began in the early days of the pandemic. On February 19, 2020, Xu confirmed to a Chinese intelligence officer that he had successfully breached the network of a research university in Texas, according to court documents. Three days later, he was directed to target specific email accounts belonging to virologists and immunologists working on COVID-19 treatments and vaccines.
Additional targets included a second university in Texas, a university in North Carolina, and a Washington, D.C. law firm.
Patel said Xu was also a contractor for the Hafnium cyber espionage group, which operates under direction from Chinese state officials. According to Patel, Hafnium has “compromised nearly 13,000” American organizations.
The Justice Department alleges that Xu was directed throughout the scheme by China’s Ministry of State Security, specifically its Shanghai State Security Bureau.
Xu faces multiple federal charges: conspiracy to commit wire fraud, two counts of wire fraud, conspiracy to cause unauthorized computer access, two counts of unauthorized computer access, two counts of intentional computer damage, and aggravated identity theft. The charges carry the potential for decades in prison.
The Justice Department said Zhang Yu, a second Chinese national suspected of participating in the scheme, remains at large.
“This case is a historic win for our cybersecurity efforts under President Trump, bringing bad actors who target American infrastructure to justice no matter where they try to hide,” Patel said.
