A Chinese hacker accused of breaching U.S. institutions to steal COVID-19 research has been extradited to the United States in connection with a major cyberattack.
FBI Director Kash Patel hailed the extradition of Xu Zewei as a significant victory for the nationâs cybersecurity efforts, stating it underscores the U.S. commitment to bringing cybercriminals to justice, regardless of their location.
Xu, a Chinese citizen alleged to be a state-sponsored hacker, is accused of orchestrating an extensive cyber intrusion campaign during 2020 and 2021, targeting American institutions to obtain sensitive COVID-19 research.
Patel announced that Xu was extradited from Italy over the weekend and now faces federal charges in the United States. âThis is a clear message that cybercriminals cannot hide,â Patel stated in a post on X.

The FBI director further detailed that during the peak of the COVID-19 pandemic, Xu and his associates allegedly focused their attacks on U.S. universities and researchers. Their targets included immunologists and virologists involved in critical COVID-19 treatment and vaccine research, gaining unauthorized access to email accounts and other sensitive information.
âDuring 2020 and 2021, at the height of the COVID-19 pandemic, Xu and his co-conspirators allegedly targeted and hacked U.S. based universities, immunologists, and virologists conducting COVID-19 research â including key treatment and vaccines â accessing email accounts and more,â Patel said.Â
The Justice Department said Xu is facing nine charges, including two counts of wire fraud, two counts of obtaining information by unauthorized access to protected computers and aggravated identity theft. The wire fraud charges carry a maximum penalty of 20 years in prison for each count.
âAccording to court documents, officers of the PRCâs Ministry of State Securityâs (MSS) Shanghai State Security Bureau (SSSB) directed Xu to conduct this hacking. The MSS and SSSB are PRC intelligence services responsible for PRCâs domestic counterintelligence, non-military foreign intelligence, and aspects of the PRCâs political and domestic security,â the Justice Department said.
âXu and others reported their activities to officers in the SSSB who were supervising and directing the hacking activities,â the Justice Department added. âFor example, on or about Feb. 19, 2020, Xu provided an SSSB officer with confirmation that he had compromised the network of a research university located in the Southern District of Texas. On or about Feb. 22, 2020, the SSSB officer directed Xu to target and access specific email accounts (mailboxes) belonging to virologists and immunologists engaged in COVID-19 research for the university. Xu later confirmed for the SSSB officer that he acquired the contents of the researchersâ mailboxes.â

FBI Director Kash Patel said on Tuesday that âXu has been extradited to the U.S. out of Italy as of this weekend, and he will now face federal charges.â (Jacquelyn Martin/AP)
Patel said, âXu was also allegedly a key contractor [in] part of whatâs known as HAFNIUM, a group responsible for a massive cyber intrusion campaign (directed by PRC officials) that compromised nearly 13,000 U.S. organizations.â
Patel thanked the FBIâs partners in Italy, mentioning that Prefect Vittorio Pisani of the Italian National Police âworked with us nonstopâ in the investigation to bring Xu into custody.

âDuring 2020 and 2021, at the height of the COVID-19 pandemic,â Patel said, âXu and his co-conspirators allegedly targeted and hacked U.S. based universities, immunologists, and virologists conducting COVID-19 research.â (Tom Williams/CQ-Roll Call, Inc)
Fox News Digital has reached out to attorneys representing Xu for comment.Â
















