Particle.news

China-Linked Suspect Extradited to U.S. in COVID Research and Exchange-Server Hacking Case

Prosecutors say the case exposes how Chinese intelligence directs hacks through private contractors.

Overview

  • Xu, 34, who appeared in a Houston federal court Monday, faces a nine-count indictment after Italy extradited him over the weekend.
  • U.S. filings allege Xu acted on direction from China’s Ministry of State Security via its Shanghai branch while employed at Shanghai Powerock Network, described as a company used to carry out government hacking.
  • Prosecutors say Xu and a co-defendant targeted U.S. universities in February 2020 to steal emails and research from virologists and immunologists working on COVID-19 vaccines, treatments, and testing, including at a Texas school.
  • The case ties Xu to the HAFNIUM, or Silk Typhoon, campaign that exploited previously unknown flaws in Microsoft Exchange email servers and installed web shells for remote control, a wave of intrusions the FBI says hit more than 12,700 U.S. organizations.
  • China’s Foreign Ministry condemned the extradition as politically driven, and Xu’s lawyers and family claim mistaken identity. Co-defendant Zhang Yu remains at large, and Xu is presumed innocent.