# US Arrests Silk Typhoon Hacker Accused of Stealing Covid Research and Mass Email Hacking

Italian law enforcement has arrested a 33-year-old Chinese national, Zewei Xu, on charges related to alleged cyber-espionage operations against the United States. Xu was apprehended at Milan's Malpensa airport upon arrival from China, marking a significant development in the ongoing saga of cyber threats emanating from China.

According to Italian news agency ANSA, Xu is wanted by the FBI for his involvement with Hafnium, a notorious state-sponsored threat actor also known as Silk Typhoon. This group has been linked to various high-profile cyber attacks and hacking operations targeting sensitive data and infrastructure.

In 2020, Xu allegedly targeted researchers at the University of Texas who were developing anti-COVID vaccines, compromising the security of their research. He is also accused of being part of a massive email hacking operation in which thousands of computers worldwide were targeted to gather information on various US government policies.

Xu's alleged work with Hafnium is just one example of the group's malicious activities. The typhoon groups, including Flax Typhoon and Silk Typhoon, have been linked to numerous high-profile attacks on critical infrastructure firms, government organizations, telecommunications companies, and other sensitive targets.

Tensions between the US and China have been escalating, with senior Chinese officials acknowledging behind closed doors that Beijing was involved in a series of cyberattacks on US critical infrastructure. In mid-April 2025, it was reported that the group Volt Typhoon had been infiltrating US critical infrastructure systems for years, compromising the energy, communications, transportation, and water industries.

Xu's arrest marks an important turning point in the cat-and-mouse game between Western authorities and state-sponsored threat actors. If convicted, Xu faces a maximum punishment of 20 years in prison, as well as an additional five years for unauthorized access to protected computers.

The case highlights the ongoing threats posed by state-sponsored hacking groups and the importance of robust cybersecurity measures to protect sensitive data and infrastructure.

### Background on Silk Typhoon

Silk Typhoon is one of several "typhoon" groups, alongside Flax Typhoon and others, all of which are reportedly state-sponsored and engaged in various forms of cybercriminal activity.

### Extradition Hearing

Xu will face a hearing early next week at Milan's Court of Appeals to determine whether or not he will be extradited to the United States. His family claims he is an IT manager at Shanghai GTA Semi Conductor, where he develops IT systems and network infrastructure. However, American authorities accuse Xu of wire fraud and aggravated identity theft.
