[Chinese "State-Sponsored Hacker" Nabbed in Milan, Italy]

Beijing has been thrown into an uproar following the sudden extradition to the United States of a Chinese cyber-spy who allegedly hacked U.S. universities and research institutions during the COVID-19 pandemic under orders from the Chinese Communist Party (CCP).

More than 10 months have passed since the hacker was arrested in Italy. During that time, Chinese authorities desperately attempted to block his transfer to the U.S. However, now that the decision has been finalized—piercing through the CCP's persistent sabotage—Beijing is gripped by fear. Who exactly is this individual, and why is China so visibly shaken and anxious?

On April 28, 2026, the U.S. Department of Justice (DOJ) officially announced, “A prominent Chinese government-backed hacker has been extradited from Italy.” The DOJ stated that Xu Zewei (徐泽伟, 34), a Chinese national, would arrive in the U.S. this weekend and appear in the U.S. District Court for the Southern District of Texas to face nine counts related to computer hacking incidents that occurred between February 2020 and June 2021.

The DOJ further identified Xu as a primary culprit in the HAFNIUM attacks, which compromised thousands of computers worldwide, including those in the U.S. Notably, the campaign targeted American COVID-19 research during the height of the pandemic. Xu was indicted alongside another Chinese national, Zhang Yu (张宇, 44).

Xu Zewei was arrested in Milan by Italian authorities in July 2025. This arrest, carried out at the request of the FBI and with the cooperation of the Italian National Police Cybercrime Unit, marks a rare instance of a Chinese hacker being brought to a U.S. courtroom. At the time of his arrest, he was traveling in Milan with his wife, completely unaware that he was already on the FBI’s radar.

The extradition of Xu Zewei is more than just the punishment of a single hacker; it is a dagger aimed at the heart of the CCP. The reason Beijing is expressing "strong dissatisfaction" and distorting facts is clear: the moment he speaks, the full scale of the CCP's state-level cybercrimes and its attempts to cover up the spread of COVID-19 will be laid bare to the world.

[Theft of COVID-19 Research Data: Over 12,700 U.S. Organizations Compromised]

The core of this case lies in the scale and nature of the cyber-espionage conducted by Xu and his accomplices. Exploiting zero-day vulnerabilities in Microsoft Exchange Servers, they stole research data on COVID-19 vaccines, treatments, and testing. These crimes were part of "HAFNIUM," a massive intelligence campaign targeting infectious disease experts, law firms, universities, defense contractors, and policy think tanks.

According to the DOJ, Xu and his team began targeting U.S. universities, immunologists, and virologists in early 2020. By late 2020, they spearheaded the HAFNIUM campaign, which Microsoft publicly disclosed in March 2021.

Their targets spanned approximately 60,000 locations across the U.S., with successful breaches occurring at over 12,700 American institutions. Victims included a research university in South Texas and a major international law firm with offices in Washington, D.C.

The indictment reveals that after hacking a Texas university network, Xu was instructed to access the email accounts of specific virologists and immunologists. He subsequently reported his success to an officer of the Shanghai State Security Bureau (SSSB).

[From ‘HAFNIUM’ to ‘Silk Typhoon’: The Evolution of Chinese State-Backed Hacking]

This case is garnering exceptional attention because it is a rare example of a Chinese hacker standing trial in the U.S. amid a sharp rise in Chinese hacking activities. The DOJ claims Xu was a member of the hacking group HAFNIUM (later known as Silk Typhoon) and worked for Shanghai Powerock Network, a front company providing cyber services for China’s Ministry of State Security (MSS).

FBI Cyber Division Assistant Director Brett Leatherman warned, “Xu’s extradition shows that the FBI’s reach extends far beyond U.S. borders. He is one of many contractors the Chinese government uses to obscure its hand in cyber operations, and others who do the same face the same risk.”

Authorities state the CCP employs a strategy of utilizing a vast network of private companies and contractors to carry out attacks and steal data, thereby maintaining plausible deniability. These entities often pose as security firms while searching for vulnerable systems and relaying stolen intelligence to the Chinese government.

[Panic in Beijing: Will the Ugly Truth of COVID-19 Origin Cover-ups Be Exposed?]

The Chinese Ministry of Foreign Affairs expressed “strong dissatisfaction” and “firm opposition,” claiming the U.S. fabricated false allegations for political motives. However, analysts suggest the CCP's reaction reflects deep anxiety over what Xu might reveal in court.

The critical information the U.S. seeks to extract from Xu includes the motive and process behind the SSSB’s orders to steal COVID-19 research, and where that information ultimately went. In January 2025, the CIA released a statement supporting the possibility that the pandemic originated from an accidental leak at the Wuhan Institute of Virology. The systematic theft of vaccine and treatment research since early 2020 suggests the CCP was deeply involved in the international debate over the virus's origins from the very beginning.

Most importantly, this case sends a powerful warning to IT professionals worldwide working for the CCP. It serves as a reminder that even with state protection, committing crimes that threaten Western security means risking a lifetime in prison, regardless of one's ability to travel abroad. This will likely deal a blow to the CCP’s ability to recruit and motivate its cyber workforce.

The nature of the stolen information is particularly telling. Xu’s focus on U.S. COVID-19 research data in early 2020 coincides with the period when the CCP was attempting to suppress the lab-leak theory, promote the natural-origin theory, and influence the WHO to deceive the public. It appears the CCP intended to intercept U.S. research to manipulate information and deploy a disinformation campaign to evade responsibility.

With the CIA’s 2025 report and the Trump administration’s push to "eradicate the CCP virus" as a core policy, Xu’s testimony could be the "smoking gun." If concrete evidence emerges regarding the CCP’s role in the origins of a virus that claimed millions of lives, it will provide a legal basis for international accountability.

President Trump has vowed throughout his tenure to hold the CCP fully responsible. Xu’s trial is a first step toward fulfilling that promise and a move to fracture the CCP’s system. Furthermore, the DOJ’s recent indictment of associates of Dr. Fauci signals a determined will to purge internal collaborators and end "inappropriate relationships" with the CCP.

Ultimately, what Beijing fears is not the individual actions of Xu Zewei, but the severance of the "link" in a massive criminal conspiracy where the State Security Bureau used hackers as tools to threaten humanity. Once the truth is out, the CCP’s international standing will suffer irreparable damage, leading to a crisis of legitimacy for the regime.

The free world must use this extradition to build a stronger alliance against the CCP's cyber-terrorism and information manipulation. The truth from Xu Zewei will not just uncover past wrongs; it will serve as a shield protecting humanity from future threats.

One more thing: The moment the door to the truth opens, the CCP’s Great Firewall will crumble like a sandcastle.