Authorities have arrested a Chinese national accused of hacking into U.S. university computer systems to steal COVID-19-related research.
Xu Zewei now faces a nine-count indictment in the Southern District of Texas for his alleged role in a series of cyber intrusions that took place between February 2020 and June 2021. Prosecutors also charged another Chinese national, Zhang Yu, in the same indictment.
Italian authorities arrested Xu on Thursday, and he is currently awaiting extradition to the U.S. Zhang remains at large.
According to court documents, Xu and his associates allegedly targeted U.S.-based universities, as well as immunologists and virologists researching COVID-19 vaccines, treatments, and testing.
“The hacking of these American universities is not just a violation of intellectual property rights. It’s an attack on American scientific innovation,”
said Nicholas J. Ganjei, U.S. Attorney for the Southern District of Texas, at a press conference.
Officials did not disclose which institutions were targeted but confirmed that two universities are located in the Southern District of Texas.
Prosecutors allege that China’s Ministry of State Security (MSS) directed Xu and others to carry out the cyberattacks.
The Chinese Embassy in Washington did not immediately respond to a request for comment.
Authorities claim Xu and Zhang belonged to HAFNIUM, a group responsible for targeting more than 60,000 U.S. entities and successfully breaching at least 12,700 to steal sensitive data. One of their targets included a global law firm with offices in Washington, D.C.
Xu faces multiple charges, including wire fraud, unauthorized access to protected computers, and aggravated identity theft. Each wire fraud charge could result in up to 20 years in prison.
This case follows a recent announcement by the Justice Department, which charged two other Chinese nationals with espionage inside the U.S., including allegations that they photographed a naval base on behalf of Beijing.