Saturday, July 12, 2025

Italian Authorities Arrest Chinese Hacker Over Vaccine Research Theft and Server Breach


In a case that spans continents and critical technologies, Italian law enforcement arrested 33‑year‑old Xu Zewei, a Chinese national accused of orchestrating complex cyberattacks targeting vital COVID‑19 research and Microsoft Exchange servers, the U.S. Justice Department reported. The charges reflect a growing pattern of state‑linked hacking groups exploiting vulnerabilities for economic and strategic gain.

A Wide‑Ranging Cyber Campaign

Over the course of 2020 and 2021, investigators say Xu Zewei worked with the Hafnium group—a network linked to China’s Ministry of State Security—to breach computer systems at American universities in Texas and steal data on vaccine development, treatment trials, and testing methods. At the same time, the group launched massive attacks on more than 60,000 Microsoft Exchange servers worldwide in early 2021, deploying zero‑day exploits to install web shells that gave them lasting access to internal networks.


Through these tactics, hackers reportedly downloaded emails and research files directly from virologists and immunologists, then forwarded sensitive findings to their handlers in Beijing. By focusing on pandemic research at the outset of the global health crisis, they aimed to gain a competitive edge in vaccine innovation while leaving U.S. scientists scrambling to protect their work. This dual focus on science and infrastructure underscored the evolving motives behind advanced cyber espionage.

Technical Exploits and Persistent Access

In March 2021, Microsoft revealed four critical zero‑day flaws in Exchange Server versions 2013, 2016, and 2019. The most serious of these, CVE‑2021‑26855, allowed attackers to pose as the server itself and commandeer its functions. Paired with other flaws that enabled arbitrary file writes and remote code execution, these weaknesses opened the door for web shells—small scripts that let intruders run commands, extract data with tools like Procdump, and compress stolen files with 7‑Zip.
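A defender-side illustration of the post-exploitation pattern described above, added here and not taken from the article or its sources: a web shell runs inside the web server's worker process, so shells, Procdump or 7-Zip appearing anywhere beneath that process in the process tree deserve an alert. The event format, the watch list and the sample events are constructed assumptions.

```python
import ntpath

WEB_WORKER = "w3wp.exe"  # assumption: IIS worker process hosting the Exchange web apps
# Tools named in the article, plus command shells (assumed watch list, extend as needed).
WATCHED = {
    "cmd.exe": "command shell", "powershell.exe": "command shell",
    "procdump.exe": "memory dump tool", "procdump64.exe": "memory dump tool",
    "7z.exe": "archiver", "7za.exe": "archiver",
}

# Constructed process-creation events in chronological order (not real telemetry).
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 50, "image": r"C:\Windows\System32\inetsrv\w3wp.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 210, "ppid": 200, "image": r"C:\Windows\Temp\procdump64.exe"},
    {"pid": 220, "ppid": 200, "image": r"C:\Program Files\7-Zip\7z.exe"},
    {"pid": 300, "ppid": 4, "image": r"C:\Windows\explorer.exe"},
    {"pid": 310, "ppid": 300, "image": r"C:\Program Files\7-Zip\7z.exe"},
    {"pid": 320, "ppid": 300, "image": r"C:\Windows\System32\cmd.exe"},
]

def _name(path):
    return ntpath.basename(path).lower()

def find_web_worker_descendants(events):
    """Flag watched tools whose process ancestry leads back to the web worker."""
    by_pid, findings = {}, []
    for ev in events:
        by_pid[ev["pid"]] = ev
        name = _name(ev["image"])
        if name not in WATCHED:
            continue
        chain, seen = [name], {ev["pid"]}
        parent = by_pid.get(ev["ppid"])
        # Walk up the tree so grandchildren (shell -> tool) are caught too;
        # `seen` guards against loops caused by PID reuse in the log.
        while parent and parent["pid"] not in seen:
            seen.add(parent["pid"])
            chain.append(_name(parent["image"]))
            if chain[-1] == WEB_WORKER:
                findings.append({"pid": ev["pid"], "kind": WATCHED[name], "chain": chain})
                break
            parent = by_pid.get(parent["ppid"])
    return findings

if __name__ == "__main__":
    for f in find_web_worker_descendants(SAMPLE_EVENTS):
        print(f"ALERT pid={f['pid']} {f['kind']}: {' <- '.join(f['chain'])}")
```

The same 7-Zip and cmd.exe binaries launched from an interactive desktop session (pids 310 and 320) are not flagged, because only ancestry through the web worker is treated as suspicious.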


Even after Microsoft released emergency patches on March 2, 2021, many organizations failed to update promptly, leaving backdoors in place. By April, further vulnerabilities were found and patched, but the damage to government agencies, universities, and private firms was already extensive. Victims ranged from the European Banking Authority to municipal bodies in Norway and Chile.

Italy’s Role in Global Cybersecurity

Italian police acted on intelligence shared by U.S. and European partners, tracking Xu Zewei across digital footprints and banking records that linked him to Shanghai Powerock Network Co. Ltd., a company alleged to facilitate hacking for state security services. The arrest in Rome marks one of the first high‑profile detentions of a foreign hacker under an international warrant tied to pandemic‑era espionage.

Italy’s move sends a clear message: collaboration among nations is vital to deter cybercrime that crosses borders and sectors. It also highlights the vulnerabilities that remain common, even in organizations aware of rising threats, when updates are delayed or security protocols are weak.

Personal Analysis

This case shows that cyber defense cannot rest on single fixes or emergency alerts. Governments and institutions must build stronger habits around updates, share threat data in real time, and invest in training for IT staff. It also underlines the importance of treating scientific research as an asset that needs guarding with the same rigor as defense secrets. In the wake of Xu’s arrest, agencies around the world have a chance to reassess and harden their systems against next-generation threats.

Sources: techcrunch.com

Hamza
I am Hamza, writer and editor at Wil News with a strong background in both international and national media. I have contributed over 300 articles to respected outlets such as GEO News and The News International. My expertise lies in investigative reporting and insightful analysis of global and regional issues. Through my writing, I strive to engage readers with compelling stories and thoughtful commentary.
