A Chinese national, Xu Zewei, has been arrested and charged with hacking into U.S. university systems to steal COVID-19-related research, according to federal authorities. He is named in a nine-count indictment issued by the U.S. District Court for the Southern District of Texas, which details computer intrusions committed between February 2020 and June 2021. Another Chinese citizen, Zhang Yu, has also been charged but remains at large.
Xu was arrested last Thursday in Italy and is currently awaiting extradition to the United States. Prosecutors allege that Xu, Zhang, and others targeted American immunologists, virologists, and multiple universities conducting vaccine, treatment, and testing research related to COVID-19. The institutions’ names have not been released, but two are located in the Southern District of Texas.
U.S. Attorney Nicholas J. Ganjei emphasized the significance of the case, stating that the hacking was not only a breach of intellectual property but also a direct threat to American scientific innovation. According to court documents, the operation was directed by China’s Ministry of State Security (MSS), which allegedly used cyber operatives like Xu to carry out targeted intrusions.
Authorities say Xu and Zhang were part of a known hacking group called HAFNIUM, which reportedly targeted over 60,000 U.S. entities and successfully compromised the data of more than 12,700 victims. One of the affected organizations was a global law firm with offices in Washington, D.C.
Xu faces multiple charges, including wire fraud, unauthorized access to protected computers, and aggravated identity theft. If convicted, the wire fraud charges alone carry penalties of up to 20 years in prison.
The Justice Department’s announcement follows a recent revelation that two other Chinese nationals were charged with espionage activities in the U.S., including photographing sensitive military facilities, further highlighting the growing concern over foreign intelligence operations targeting American institutions.
