State-Led Hacker from China Accused of Stealing COVID-19 Research Data

US Accuses Hacker of Theft of Crucial COVID-19 University Research, Acting upon Chinese Government's Orders

State-sponsored Chinese hacker indicted for COVID-19 research theft

The United States has made a significant move in the realm of cybersecurity by arresting Xu Zewei, a suspected Chinese state-sponsored hacker. Xu was apprehended on July 3 in Milan, Italy, at the request of the US government.

Xu is accused of involvement in high-profile attacks, including the theft of COVID-19 research from American universities. The indictment alleges that Xu stole critical COVID-19 research at the behest of the Chinese government. If found guilty on all counts, Xu faces a lengthy prison sentence. A co-defendant, Zhang, remains at large.

Xu is reportedly affiliated with the Silk Typhoon group, known for its repeated use of zero-day vulnerabilities and successful compromises of technology firms in supply chain attacks. He has also been linked to the notorious Hafnium campaign, which targeted Microsoft Exchange servers in 2020 and 2021.

The Hafnium campaign exploited multiple zero-day vulnerabilities in Microsoft Exchange Server. After compromising computers, Xu and his co-conspirators installed web shells on them to enable remote administration. They used the campaign to access information regarding specific US policy makers and government agencies.

Xu and his co-conspirators exploited Microsoft Exchange to compromise another university in Texas and a law firm with offices worldwide. In 2020, most cyber espionage actors, including those based in China, shifted their focus to COVID-19 research.

John Hultquist, Chief Analyst at Google Threat Intelligence Group, welcomed the arrest of Xu but warned it is unlikely to have an immediate impact on Chinese state-sponsored cyber operations. Hultquist noted that there are several teams of dozens of operators who will continue to carry out cyberespionage, and government sponsors are not likely to be deterred.

The US formally attributed the Hafnium campaign to the PRC in July 2021. The US believes the PRC government uses an extensive network of private companies and contractors in China, including Powerock, to infiltrate organizations and steal data in a manner that obscures state involvement. The alleged theft of COVID-19 research coincided with the time that same government withheld information about the virus and its origins.

The arrest of Xu comes amidst a growing concern over state-sponsored cyber attacks, particularly those originating from China. As the world continues to grapple with the impacts of the COVID-19 pandemic, the importance of securing sensitive research and data cannot be overstated. The US Department of Justice will continue to work diligently to identify, apprehend, and prosecute those responsible for such attacks.
