The Justice Department reports that a prolific Chinese state-sponsored contract hacker has been arrested.

People’s Republic of China (PRC) citizens Xu Zewei, 33, and Zhang Yu, 44, have been arrested by the US for their roles in computer intrusions carried out from February 2020 to June 2021. The Southern District of Texas has unsealed a nine-count indictment against the two men. Xu was arrested in Milan, Italy, and will face extradition proceedings. According to court documents, officers of the PRC’s Ministry of State Security’s (MSS) Shanghai State Security Bureau (SSSB) directed Xu to conduct this hacking. The MSS and SSSB are PRC intelligence services responsible for the PRC’s domestic counterintelligence, non-military foreign intelligence, and aspects of the PRC’s political and domestic security.

The indictment alleges that Xu was hacking and stealing crucial COVID-19 research at the behest of the Chinese government while that same government was simultaneously withholding information about the virus and its origins. The arrest underscores the United States’ patient and tireless commitment to pursuing hackers who seek to steal information belonging to U.S. companies and universities.

In early 2020, Xu and his co-conspirators hacked and otherwise targeted U.S.-based universities, immunologists, and virologists conducting research into COVID-19 vaccines, treatment, and testing. They reported their activities to officers in the SSSB who were supervising and directing the hacking activities. For example, on or about Feb. 19, 2020, Xu provided an SSSB officer with confirmation that he had compromised the network of a research university located in the Southern District of Texas. On or about Feb. 22, 2020, the SSSB officer directed Xu to target and access specific email accounts (mailboxes) belonging to virologists and immunologists engaged in COVID-19 research for the university. Xu later confirmed for the SSSB officer that he acquired the contents of the researchers’ mailboxes.

Another university in the Southern District of Texas and a law firm with offices across the globe, including in Washington, D.C., were among the victims of Xu’s exploitation of Microsoft Exchange Server. After exploiting computers running Microsoft Exchange Server, Xu and his accomplices installed web shells on them to allow remote administration. As with the earlier COVID-19 research intrusions, Xu and Zhang worked together on the HAFNIUM intrusions under the supervision and direction of SSSB officers.

The People’s Republic of China (PRC) has announced charges against Xu, a Chinese hacker, for hacking and obtaining information that was not publicly known. The PRC used a network of private companies and contractors in China to exploit vulnerable computers and sell the information to the PRC government. This indiscriminate approach resulted in more victims in the US and elsewhere, more systems left vulnerable to exploitation by third parties, and more stolen information, often of no interest to the PRC government and sold on to other third parties.

Xu is charged with conspiracy to commit wire fraud and two counts of wire fraud, each carrying a maximum penalty of twenty years in prison. He is also charged with conspiracy to cause damage to and obtain information by unauthorized access to protected computers, wire fraud, and identity theft.

The FBI’s Houston Field Office is investigating the case, with the Justice Department’s Office of International Affairs providing assistance in securing the defendant’s arrest. Assistant U.S. Attorneys Mark McIntyre and John Marck for the Southern District of Texas and Deputy Chief Matthew Anzaldi of the National Security Division’s National Security Cyber Section are prosecuting the case, while the Justice Department’s Office of International Affairs handles the extradition.
