Alleged China-linked Hacker Behind HAFNIUM Extradited from Italy, Appears in Houston Court

The United States said Monday that an alleged Chinese state-linked hacker tied to the HAFNIUM Microsoft Exchange campaign and intrusions into U.S. COVID-19 research has been extradited from Italy and made his first appearance in federal court in Houston.

The Justice Department said Xu Zewei, 34, a Chinese national, was transferred to U.S. custody over the weekend and appeared Sunday in U.S. District Court in Houston. Xu is charged in a nine-count indictment related to alleged computer intrusions from February 2020 to June 2021. Prosecutors say some of the intrusions were part of the HAFNIUM campaign that compromised thousands of computers worldwide, including in the United States, while others targeted U.S. universities and researchers working on COVID-19 vaccines, treatments and testing in the early months of the pandemic.

The case had been building for years. The indictment was filed under seal in the Southern District of Texas on Nov. 2, 2023, and was publicly announced after Xu’s arrest in Milan on July 3, 2025 at the request of the United States. Reuters and Bloomberg reported that an Italian court earlier this month cleared the way for his extradition, which has now been completed.

According to the Justice Department, Xu worked for Shanghai Powerock Network Co. Ltd., which prosecutors describe as one of several contractor companies used to conduct hacking on behalf of the Chinese government. The department alleges Xu acted under the direction of officers from China’s Ministry of State Security, specifically the Shanghai State Security Bureau, and reported the results of the intrusions back to them. He is charged alongside Zhang Yu, 44, also a Chinese national, who remains at large.

HAFNIUM became widely known in March 2021, when Microsoft publicly identified the group as exploiting previously unknown flaws in on-premises Microsoft Exchange email servers. U.S. authorities later described it as a major global hacking operation. In July 2021, the White House, joined by allies and partners, publicly attributed the Exchange campaign and other malicious cyber activity to actors affiliated with China’s Ministry of State Security.

China’s Foreign Ministry criticized the extradition, according to Reuters and the South China Morning Post, saying it opposed U.S. “fabricating charges through political manipulation” and urging Italy to “respect facts and law” and not “become an accomplice of the U.S.” Reuters also reported after Xu’s arrest last year that his lawyer argued it was a case of mistaken identity.

U.S. officials framed the transfer as a significant step in a major cyber-espionage case. “Today, Xu Zewei will stand in a federal courtroom to answer for crimes that struck at the heart of American science and security — allegedly stealing COVID-19 research from our universities when the world needed it most,” Acting U.S. Attorney John G.E. Marck for the Southern District of Texas said in a statement.

The indictment contains allegations that have not been proven in court. But Xu’s arrival in the United States marks a rare extradition in a case tied to alleged state-linked cyber operations, and the prosecution is now moving forward in federal court in Texas.