Industry - Data Breach
Executive Summary
A Chinese national accused of working as a contract hacker for China's Ministry of State Security has been extradited from Italy to the United States to face criminal charges. Xu Zewei allegedly conducted cyberespionage operations and intelligence-gathering breaches between February 2020 and June 2021 as part of the Silk Typhoon hacking group. The case is part of broader U.S. law enforcement action against state-sponsored cyber intrusion campaigns targeting computer systems.
What Happened
Xu Zewei, a Chinese national accused of working as a contract hacker for China's Ministry of State Security, was extradited from Italy to the United States in April 2026 to face criminal charges. He allegedly conducted cyberespionage operations and intelligence-gathering breaches between February 2020 and June 2021 as part of the Silk Typhoon hacking group. Xu was arrested in Milan, Italy in 2025 at the request of U.S. authorities and is part of broader U.S. law enforcement actions against state-sponsored cyber intrusion campaigns.
Who Is Affected
Organizations and individuals whose computer systems were targeted during the February 2020 to June 2021 cyberespionage campaign are affected. The specific victims and scope of compromised data have not been disclosed in available sources. This case reflects ongoing risks to entities that may be targets of state-sponsored intelligence operations.
Why It Matters
This extradition represents a rare instance of international cooperation in prosecuting state-sponsored cybercrime and signals heightened enforcement against contract hackers working for foreign intelligence services. The case is part of a larger U.S. effort targeting Chinese government-linked cyber intrusion campaigns, with the Justice Department charging 12 individuals in related operations. Such prosecutions establish legal precedent for holding both individual hackers and their state sponsors accountable for breaches affecting private and government systems.
What You Should Do
Organizations should review their cybersecurity posture and ensure they have robust intrusion detection systems capable of identifying state-sponsored attack patterns. Conduct regular security audits and apply all available security patches promptly to reduce vulnerability to coordinated hacking campaigns. If you suspect your organization was compromised during 2020-2021, contact the FBI or relevant law enforcement to report potential involvement in this investigation.
Summary generated from verified sources and reviewed before publication. How we summarize.