Alleged Chinese Hacker Tied to Silk Typhoon Arrested for Cyberespionage

A 33-year-old Chinese national, Xu Zewei, was detained in Milan, Italy, last week on an international warrant issued by the U.S. government, which alleges that he is linked to the state-sponsored hacking group Silk Typhoon. The group has been blamed for a string of high-profile cyberattacks against American organizations and government agencies in recent years.

According to the Italian news agency ANSA, Xu was arrested at Milan's Malpensa Airport on July 3 after arriving on a flight from China. He was taken into custody without any apparent resistance, a notable development in the long-running pursuit of state-linked cyber operators by law enforcement agencies.

The U.S. warrant cites Xu's alleged involvement with Silk Typhoon, also known as Hafnium. The group has been at the center of several high-stakes cyberespionage campaigns, including the 2020 attacks on infectious disease researchers and healthcare organizations, in which the hackers sought to steal sensitive data on COVID-19 vaccines. Those attacks highlighted how much intellectual property and public health data matter in a global pandemic response.

"These actors have been observed attempting to identify and illicitly obtain valuable intellectual property (IP) and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research," warned a joint advisory issued by several government agencies. The advisory underscores the severity of the threat posed by Silk Typhoon and its alleged associates.

In recent months the group has continued to evade detection while attacking high-profile targets such as the U.S. Treasury's Office of Foreign Assets Control (OFAC) and the Committee on Foreign Investment. Microsoft recently reported that Silk Typhoon had begun targeting remote management tools and cloud services in supply chain attacks, using that access to reach the networks of downstream customers.

Xu is being held at Busto Arsizio prison while the U.S. seeks his extradition to stand trial in the United States. The arrest is a significant development in the pursuit of those responsible for these attacks, though it remains to be seen how effective it will prove in bringing Silk Typhoon's alleged operatives to justice.

While cloud attacks may be growing more sophisticated, attackers still succeed with surprisingly simple techniques. Wiz's detections across thousands of organizations reveal eight key techniques used by cloud-fluent threat actors, and understanding these tactics is essential for organizations looking to defend against such attacks.

In a separate development, the U.S. has sanctioned a firm linked to cyber scams behind $200 million in losses, a reminder that cybercrime involves many actors working together toward their goals.