Particle.news

U.S. Extradites Alleged China-Directed Hacker, Warns Contractors Are Vulnerable Abroad

The case signals a push to hold contractor-run cyber operations to account beyond China’s borders.

Overview

  • The FBI’s cyber chief, who spoke Thursday, said China’s hacker‑for‑hire network is out of control and warned that operators can be arrested once they travel outside China, pointing to the recent extradition of Xu Zewei from Italy to the United States.
  • Prosecutors allege Xu worked at Shanghai Powerock Network under taskings from the Ministry of State Security’s Shanghai bureau between February 2020 and June 2021, including work tied to the Hafnium campaign that broke into Microsoft Exchange email servers using zero‑day flaws.
  • The Justice Department says the intrusions hit U.S. universities and COVID‑19 researchers and included a law firm where the attackers searched mailboxes for information on U.S. policymakers and government agencies.
  • An FBI agent testified Thursday that a breach at the University of Texas Medical Branch yielded about 1.5 gigabytes of researchers’ emails, and a federal judge ordered Xu held in custody until trial.
  • Xu faces nine federal counts, including wire fraud, computer intrusions, and aggravated identity theft; Zhang Yu remains at large; and China’s Foreign Ministry has rejected the U.S. allegations and urged Italy not to cooperate.