From Milan to Houston: The Global Pursuit of China’s Alleged Cyber Operatives
Italy’s extradition of Xu Zewei marks a rare international handover in the escalating digital cold war between the U.S. and China.
On a summer day in Milan, Xu Zewei’s European vacation took a dramatic turn. Italian police, acting on a U.S. warrant, arrested the Chinese national in July 2025 - setting off a diplomatic row and thrusting one of the world’s most elusive cybercrime cases into the international spotlight. Now, Xu sits in a Houston jail, accused of being a key player in a sweeping Chinese hacking campaign targeting American research at the height of the COVID-19 pandemic.
The U.S. Department of Justice alleges that Xu, along with a co-conspirator still on the run, orchestrated cyberattacks that reached deep into American institutions. Their primary target: confidential COVID-19 vaccine research. Prosecutors say the hacks were not freelance operations, but missions ordered by China’s Ministry of State Security (MSS) and the Shanghai State Security Bureau - two pillars of the country’s cyber espionage apparatus.
At the heart of the indictment is the infamous “HAFNIUM” group, also known as Silk Typhoon in security circles. Between February 2020 and June 2021, HAFNIUM’s attacks reportedly compromised thousands of computers worldwide, including those at a Texas university working on coronavirus treatments. The group’s most notorious feat: exploiting Microsoft Exchange Servers in 2021, an operation that left more than 60,000 U.S. entities exposed, according to the FBI.
Xu’s defense? A case of mistaken identity. Through his lawyer, he maintains he was merely a tourist in Milan, swept up in a geopolitical contest far beyond his control. Meanwhile, Chinese officials have denounced the extradition as “political manipulation,” accusing the U.S. of targeting Chinese citizens under the guise of cybercrime enforcement.
Yet U.S. authorities paint a different picture. Court documents detail how Xu allegedly reported directly to Chinese intelligence handlers, even confirming the successful breach of a Texas research university’s network. The indictment connects him to a sophisticated campaign of wire fraud, identity theft, and unauthorized system access - tools of a cyberwar that often remains hidden from public view.
This extradition is more than a legal milestone; it’s a signal to cyber operatives worldwide that borders offer little protection in today’s digital battlefield. As Xu awaits trial in Houston, the world watches for clues about the shadowy interplay of state power, technology, and international law in the age of cyber conflict.
Conclusion: The Xu Zewei case underscores the global reach of cyber espionage and the growing willingness of governments to cross borders - literally and digitally - in pursuit of justice or retribution. As the lines blur between national security and criminal prosecution, one thing is clear: the hunt for cyber operatives is now a truly international affair.
WIKICROOK
- Extradition: Extradition is the legal process where one country transfers a suspect or convict to another country to face criminal charges or serve a sentence.
- Wire Fraud: Wire fraud is a crime involving scams or theft using digital communications like email or the internet, often targeting victims across borders.
- HAFNIUM: HAFNIUM is a Chinese state-sponsored cyber-espionage group known for large-scale attacks, including exploiting Microsoft Exchange Server vulnerabilities.
- Ministry of State Security (MSS): The Ministry of State Security (MSS) is China’s main civilian intelligence agency, handling domestic security and international espionage operations.
- Microsoft Exchange Server Exploit: A Microsoft Exchange Server exploit is a technique or piece of code that takes advantage of a vulnerability in Exchange Server to gain unauthorized access to email servers, often leading to data breaches and network compromise.