We got one. The Justice Department reports that on July 3, 2025, Chinese cyberhacker Xu Zewei was arrested in Italy “at the request of the United States.” A codefendant, Zhang Yu, also indicted for massive cyberattacks of U.S. and other computer systems, is still at large.
Justice is asking that anyone with information on Yu’s whereabouts call the FBI at 1-800-CALL-FBI (1-800-225-5324). If he’s in the People’s Republic of China, though, chances are low that the Chinese government will turn him over.
HAFNIUM group or campaign
In a nine-count indictment, the two are charged “for their involvement in computer intrusions between February 2020 and June 2021, including the indiscriminate HAFNIUM computer intrusion campaign that compromised thousands of computers worldwide, including in the United States” (Justice Department, July 8, 2025).
“In February 2020, as the world entered a pandemic, Xu Zewei and other cyber actors working on behalf of the Chinese Communist Party (CCP) targeted American universities to steal groundbreaking COVID-19 research. The following year, these same actors, operating as a group publicly known as HAFNIUM, exploited zero-day vulnerabilities in U.S. systems to steal additional research,” said Assistant Director Brett Leatherman of FBI’s Cyber Division. “Through HAFNIUM, the CCP targeted over 60,000 U.S. entities, successfully victimizing more than 12,700 in order to steal sensitive information.”….
Beginning in late 2020, Xu and his co-conspirators exploited certain vulnerabilities in Microsoft Exchange Server, a widely-used Microsoft product for sending, receiving, and storing email messages. Their exploitation of Microsoft Exchange Server was at the forefront of a massive campaign targeting thousands of computers worldwide and known publicly as “HAFNIUM.” In March 2021, Microsoft publicly disclosed the intrusion campaign by state-sponsored hackers operating out of China….
The announcement of charges against Xu is the latest describing the PRC’s use of an extensive network of private companies and contractors in China to hack and steal information in a manner that obscured the PRC government’s involvement.
In addition to Xu Zewei, who was a general manager at Shanghai Powerock Network, and Zhang Yu, who was or is a director at Shanghai Firetech Information Science and Technology, the indictment also refers to, without naming, Officer 1 and Officer 2 of the Shanghai State Security Bureau (SSSB). The SSSB directed the cyberattacks carried out by both Powerock and Firetech. If you see Officer 1 or Officer 2, call the FBI.
That’s one bad guy down—with how many others to go?
Further steps
The arrest of Xu Zewei is good and may lead to other good things. But the U.S. can grab only a few CCP-directed hackers who happen to go to Italy or some other country whose authorities will cooperate with U.S. authorities. We must also use many other methods of defense and offense, like hardening U.S. government and private systems and cyberattacking the companies that cyberattack for China.
Not least, we must end beyond-dumb U.S. government mandates for back doors into U.S. systems and must close all the back doors. Why make U.S. communications and data vulnerable to enemy attack?
Also see:
TechCrunch: “The 30-year-old internet backdoor law that came back to bite”
“The 30-year-old law that set the stage for recent backdoor abuse is the Communications Assistance for Law Enforcement Act, or CALEA, which became law in 1994 at a time when cell phones were a rarity and the internet was still in its infancy.”
StoptheCCP.org: “How to Thwart China’s Cyberattacks”
“Infrastructure for ‘lawful interception’ is just as available for unlawful interception.”