2 Remove Virus

Alleged Silk Typhoon operative extradited to US to face cyber espionage charges

A suspected member of the Silk Typhoon hacking group has been extradited to the United States, marking a significant development in a long-running investigation into state-linked cyber espionage targeting sensitive research and critical infrastructure.

The individual, identified by US authorities as Xu Zewei, was transferred from Italy after being arrested in 2025 on a US warrant. He appeared in a federal court in Texas following his extradition, where he faces multiple charges tied to computer intrusions conducted between 2020 and 2021.

Prosecutors allege that Xu operated as a contract hacker working on behalf of China’s Ministry of State Security, carrying out cyber operations through a broader ecosystem of government-linked entities and private contractors. The activity is associated with the threat group known as Hafnium, also tracked as Silk Typhoon, which has been linked to large-scale attacks against US organizations and global targets.

According to court documents, the campaign involved exploiting vulnerabilities in widely used systems and gaining unauthorized access to networks across multiple sectors. Thousands of systems were reportedly compromised worldwide, including targets in the United States.

Authorities say part of the operation focused on stealing COVID-19-related research during the early stages of the pandemic. Universities, research institutions, and scientists working on vaccines and treatments were among the primary targets. The data was considered strategically valuable, with investigators linking the activity to broader intelligence-gathering efforts.

The indictment also names a co-conspirator, Zhang Yu, who remains at large. Both individuals are accused of participating in coordinated intrusion campaigns designed to extract sensitive data from academic, government, and private sector networks.

US officials describe the case as part of a wider pattern of state-sponsored cyber operations that rely on outsourced or “contract” hackers. This model allows governments to conduct espionage activities while maintaining a degree of separation from direct involvement.

The extradition follows cooperation between US and Italian authorities, with law enforcement agencies working across jurisdictions to secure custody of the suspect. Officials emphasized that the case reflects ongoing efforts to pursue individuals involved in cyber espionage, even when operations span multiple countries and years.

The case is expected to proceed through the US court system, where prosecutors will seek to demonstrate the defendant’s role in one of the most widely reported cyber intrusion campaigns of the pandemic era.