A Chinese national hacked into the computers of major US universities and research labs to steal COVID-19 data as part of a government-sponsored cyberattack during the pandemic, federal prosecutors said Tuesday.
“While the world was reeling from a virus that originated in China, the Chinese government plotted to steal US research critical to vaccine development,” FBI Houston Special Agent in Charge Douglas Williams said in a statement released Tuesday.
Suspect Zewei Xu, 33, infiltrated American research facilities as an agent for China’s Ministry of State Security and the Shanghai State Security Bureau to pilfer the information on the virus and vaccines over nearly two years, prosecutors in the District Attorneys Office in the Southern District of Texas said in the release.
Xu, who was on the run since 2023, was recently nabbed by the FBI and international authorities in Milan, Italy, after getting off a plane from China and is facing extradition to the US, prosecutors said.
“[Xu’s] landmark arrest by FBI Houston agents in Italy proves that we will scour the ends of the Earth to hold criminal foreign adversaries accountable,” Williams said.
According to a newly unsealed indictment, Xu and accused 44-year-old cohort Yu Zhang, who remains on the run, were part of a Chinese-sponsored covert plot to steal US data on COVID-19 research between February 2020 and June 2021.
The pair were part of a coordinated Chinese cyberattack on various US industries that was identified and exposed by Microsoft in 2021 and is publicly known as “Hafnium.”
In early 2020, Xu and his accomplice allegedly targeted universities in Texas and elsewhere, as well as leading immunologists and virologists who were working on COVID vaccines.
On Feb. 19, 2020, he allegedly contacted his Chinese handlers to report that he had compromised the network of one Texas facility. He was told to “access specific email accounts belonging to virologists and immunologists engaged in COVID-19 research,” prosecutors said.
On Feb. 28, 2021, the feds said Xu informed the Shanghai State Security Bureau about his “successful intrusions” into the school’s database and was told to get data on other operations, too.
Xu and Zhang were indicted on wire fraud conspiracy and related federal hacking charges in November 2023, with the charges remaining sealed until Xu’s arrest in Italy.
“The Southern District of Texas has been waiting years to bring Xu to justice, and that day is nearly at hand,” district US Attorney Nicholas Ganjei said in a statement. “As this case shows, even if it takes years we will track hackers down and make them answer for their crimes.
“The United States does not forget.”
Read the full article here