HAFNIUM-Linked Hacker Xu Zewei Riding the Tides of China’s Cyber Ecosystem

On July 3, 2025, at Milan Malpensa Airport, Italian police arrested Xu Zewei (徐泽伟), whom U.S. authorities allege to be a hacker contracted by the Chinese state. Following the news about Xu’s arrest from Italian media, on July 8, the U.S. Department of Justice (US DoJ) issued a press release and unsealed an indictment, accusing Xu Zewei and his co-defendant Zhang Yu (张宇) of participating in hacking activities between February 2020 and June 2021. These activities were reportedly linked to the Advanced Persistent Threat (APT) group HAFNIUM (also known as Silk Typhoon or APT27), involving the theft of COVID-19 research from universities, exploitation of Microsoft Exchange Server vulnerabilities, and compromising thousands of computers worldwide, including those in the United States. As of this writing, Xu remains in custody near Milan and is undergoing extradition proceedings to the United States. During his initial court appearance, Xu asserted that he “has nothing to do with the case,” while Xu’s lawyer stated that “Xu is a victim of mistaken identity, his surname is common in China, and his mobile phone was stolen in 2020.” It was further argued that Xu is a technician employed by (Shanghai) GTA Semiconductor Co. Ltd., on holiday in Italy with his wife.

To read the complete article see: Link to Full Article