Alleged Chinese state hacker nabbed in Italy, claims identity mixup


A 33-year-old suspected Chinese hacker arrested in Italy has claimed it was a case of mistaken identity. But investigators say he’s a member of a group tracked as Silk Typhoon.

According to the Italian news agency ANSA, Xu Zewei, an IT manager at a company in Shanghai, was arrested in Milan late last week when he arrived for a vacation with his wife.

Xu was nabbed on a US warrant accusing him of belonging to a Chinese state-sponsored hacking group. He faces wire fraud, computer hacking, and identity theft charges, and could be sent to prison for 2-20 years for each count.


The US Department of Justice says that Xu and another Chinese national, Zhang Yu, who remains at large, belong to Silk Typhoon, a threat actor best known for the December 2024 intrusion at the US Treasury Department.

The group was previously tracked by Microsoft as Hafnium and has lately been targeting widely used IT products, such as remote management tools and cloud applications, to gain initial access to victim organizations.


In Italy, Xu denied the accusations in his first court appearance, claiming that his identity was stolen.

According to ANSA, Xu said that one of his phones “disappeared in 2019-2020” and that he “had no reason” to do what he’s accused of. According to the suspect, someone could have used his name, last name, and email account.

The charges are specific. The Justice Department has charged Xu and Zhang over cyberattacks carried out between February 2020 and June 2021 on behalf of the Ministry of State Security (MSS), China's civilian intelligence and security service.

The hackers allegedly targeted COVID-19 research at US universities, zeroing in on virologists and immunologists. They also exploited then-unpatched zero-day flaws in on-premises Microsoft Exchange Server, the early-2021 campaign Microsoft attributed to Hafnium, to steal emails and other valuable information.

[Image: Chinese hacker. Image by Cybernews]

Silk Typhoon has also been observed breaking into companies through password-spraying attacks, using corporate credentials that had leaked into public repositories such as GitHub.


According to Microsoft, the group typically gains its initial foothold through zero-day exploits, vulnerable third-party services or software providers, and compromised credentials.

Under Italian law, the Ministry of Justice must now inform the Milan court within ten days of Xu’s arrest whether it intends to proceed with extradition.


Even then, the US must first submit the full extradition paperwork within 40 days. Only after that can the Italian authorities formally rule on the extradition request.

The Americans seem eager to get their hands on the suspect.

“The indictment alleges that Xu was hacking and stealing crucial COVID-19 research at the behest of the Chinese government while that same government was simultaneously withholding information about the virus and its origins,” said Nicholas Ganjei, US Attorney for the Southern District of Texas.

“The Southern District of Texas has been waiting years to bring Xu to justice, and that day is nearly at hand. As this case shows, even if it takes years, we will track hackers down and make them answer for their crimes. The United States does not forget.”