NEWS AND ANALYSIS:
Italian authorities, at the request of the FBI, have arrested a major Chinese hacker who prosecutors say is linked to a massive intrusion against Microsoft-based computer networks and the theft of U.S. COVID-19 research, the Justice Department said.
Xu Zewei, 33, was arrested in Milan on July 3. A nine-count indictment unsealed in federal court in Houston outlines his alleged hacking activities, including stealing COVID-19 vaccine research, the department said in announcing the arrest.
A request for his extradition to the United States has been made.
Mr. Xu was sought by the FBI since at least November 2023, when both an indictment and an arrest warrant were issued in federal court in Houston.
The hacker and an associate, Yu Zheng, are charged with conducting computer network penetrations on behalf of the Ministry of State Security, the civilian Chinese intelligence service, specifically its Shanghai State Security Bureau, the branch focused on operations against the United States.
Mr. Xu worked as general manager of Shanghai Powerock Network Co. Ltd., a contractor for the Ministry of State Security. Mr. Zhang, who is still being sought by the FBI, worked for another MSS contractor, Shanghai Firetech Information Science and Technology Company Ltd.
Beginning in 2020, during the COVID pandemic, the two hackers and several others targeted U.S. universities and leading immunologists and virologists engaged in ground-breaking research into COVID vaccines, treatments and testing, according to the indictment.
The operations exploited a security hole in the Microsoft Exchange Server software that is used to send and receive email messages.
Microsoft disclosed the intrusion campaign in March 2021 and dubbed the operation “HAFNIUM.”
“The conspirators thus were at the forefront of the [People’s Republic of China’s] ‘HAFNIUM’ intrusion campaign, which the United States government, the European Union, the United Kingdom and the North Atlantic Treaty Organization, and private-sector cybersecurity leaders later condemned as an ‘indiscriminate,’ ‘reckless,’ ‘irresponsible’ and ‘destabilizing’ hack of thousands of computers worldwide,” the indictment states.
In July 2020, then-Secretary of State Mike Pompeo ordered the closure of the Chinese consulate in Houston that he described as “a hub of spying and intellectual property theft.”
Officials said the consulate was engaged in directly stealing intellectual property from research institutions and companies in Texas.
The indictment said two universities in Texas and a university in North Carolina were targeted by the hackers, along with a law firm headquartered in Washington.
The information obtained provided a “strategic benefit” to China, the indictment said.
A Chinese Embassy spokesman, Liu Pengyu, said China opposes all forms of cybercrimes and that Beijing “has neither the need nor the intention to acquire vaccines through so-called theft.”
Mr. Xu appeared before a court in Milan on Tuesday, and his lawyer told Reuters he is a victim of mistaken identity. He had traveled to Italy for a vacation with his wife.
Among the nine counts in the indictment issued in the Southern District of Texas are wire fraud and aggravated identity theft, conspiracy to commit wire fraud, and unauthorized access to protected computers.
Nicholas Ganjei, U.S. attorney for the Southern District of Texas, where the case is being prosecuted, said investigators have been working for years to apprehend Mr. Xu.
“As this case shows, even if it takes years, we will track hackers down and make them answer for their crimes. The United States does not forget,” he said.
Brett Leatherman, assistant director of the FBI’s Cyber Division, said Mr. Xu and others working on behalf of the Chinese Communist Party targeted American universities in a bid to steal COVID research and then exploited a “zero-day” vulnerability to steal additional research.
“Through HAFNIUM, the CCP targeted over 60,000 U.S. entities, successfully victimizing more than 12,700 in order to steal sensitive information,” Mr. Leatherman said.
“This arrest, carried out with our Italian law enforcement partners, demonstrates the FBI’s relentless commitment to holding CCP-sponsored hackers accountable for their crimes.”
Taiwan military drills simulate Chinese strikes
Taiwanese military forces on Wednesday launched what officials say are the largest ever war games that include responding to military strikes by invading Chinese forces.
The drills will include simulating attacks by China on command systems and infrastructure prior to a Beijing invasion that U.S. military leaders have said could take place by 2027.
Senior defense officials in Taipei told reporters the annual Han Kuang drills are focused on testing a decentralized military command and control structure in response to anticipated electronic warfare strikes by China.
The 10-day war games will also assess the island democracy’s combat readiness against a full-scale invasion or blockade by China’s People’s Liberation Army.
“We are learning from the situation in Ukraine in recent years and realistically thinking about what Taiwan might face … in real combat,” said one senior defense official.
“Commanders have to think what issues their troops might face and they need to pass them down to their subordinates,” the official said.
Taiwan’s military is preparing for large-scale cyberattacks and misinformation campaigns by the PLA as part of “gray zone” military operations that likely would precede a full-scale assault.
The exercises for the first time will use 22,000 reservists, the most used in the drills to date.
Also being used for the first time are the new U.S.-made High Mobility Artillery Rocket Systems, or HIMARS, and indigenous Sky Sword surface-to-air missiles.
The exercises come amid heightened tensions with China, which has been conducting what the U.S. Indo-Pacific Command calls an intense military “pressure campaign” involving regular rehearsals for an invasion or blockade.
Scores of Chinese warplanes and dozens of warships are deployed regularly around the self-ruled island that China claims as its territory and has vowed to annex, using force if needed.
The Taiwan Defense Ministry reported 31 PLA sorties and seven naval vessels around Taiwan on Wednesday.
The Taiwanese exercises are expected to be closely monitored by the PLA.
The U.S. military is also likely watching the exercises closely as it has sought to bolster the Taiwanese military in recent years with new weapons, advanced command and control systems, and new tactics that would allow its weaker forces to prevail against the stronger PLA.
The exercises will feature round-the-clock operations by army, naval and air forces practicing the defense of Taiwan coasts.
Live-fire drills with U.S.-made M1A2 Abrams tanks and sea-borne drone operations are also scheduled.
China denounced the exercises.
“The Han Guang exercise is nothing but a bluffing and self-deceiving trick by the DPP authorities, attempting to bind the Taiwanese people to the Taiwan independence cart and harm Taiwan for the selfish interests of one party,” Chinese Defense Ministry spokesman Col. Jiang Bing said at a Beijing news conference on Tuesday. DPP refers to Taiwan’s independence-leaning ruling Democratic Progressive Party.
“No matter how they perform or what weapons they use, they cannot resist the PLA’s anti-independence sword and the historical trend of the motherland’s inevitable reunification,” he said.
Chinese-Russian bomber patrol a ‘clear threat’
Chinese and Russian bombers that conducted a joint patrol near U.S. territory in November for the first time represented practice for conducting a strategic nuclear attack on the United States, according to a joint report by an Air Force think tank and a Japanese Defense Ministry think tank.
The report said nine joint Chinese-Russian bomber flights since 2019 were mostly non-threatening, including a July 2024 strategic bomber patrol near Alaska.
But that changed dramatically in November, when the PLA air force flew H-6N bombers alongside Russian Tu-95 bombers within range of Guam in what the report called “a clear threat against the USA.”
“On the second day of patrols, November 30, the PLAAF for the first time formed a strike package and sent the strike package to the western Pacific Ocean,” the report said.
The Chinese bombers carry a nuclear-armed air-launched ballistic missile likely based on the DF-21 ballistic missile with a range of about 1,335 miles.
“The patrol’s flight path through the Miyako Strait connects directly with the western Pacific Ocean, and the PLAAF can put a massive U.S. Air Force base on Guam within range of that ALBM just from a point at which one of its H-6Ns entered the Pacific Ocean,” the report said.
The report added that the PLA unit that dispatched the bomber, the 106th Brigade, has as its primary mission a nuclear strike.
Thus, “it is likely that the combined patrol of November 30 also represents the first serious training to conduct a nuclear strike against Guam from the air.”
“So, one can say that the combined patrol that has come closest to U.S. territory was the patrol near Alaska, but the combined patrol that has presented a clear and serious threat to U.S. territory was that of November 30.”
The threat was likely intended as a “political signal” to the United States from Beijing, the report said.
The strategic message was that China fears U.S. alliance building in Asia will hurt its ability to annex Taiwan, and that it has therefore joined with Russia in threatening U.S. territory, the report said.
The report was published by the Air Force China Aerospace Studies Institute and the Japanese Air Self Defense Force’s Air and Space Studies Institute.
• Bill Gertz can be reached at bgertz@washingtontimes.com.