April 28, 2026 | Policy Brief
U.S. Conducts Rare Extradition of Alleged Chinese Cyber Spy
After a long search, the law finally caught up to the laptop.
On April 27, the Department of Justice released an indictment of Xu Zewei, a Chinese national accused of participating in state-sponsored hacking operations against the United States over the course of the COVID-19 pandemic. Xu was extradited to the United States from Italy, where he was arrested last year at the request of the FBI with the assistance of the Cyber Division of the Italian National Police.
The case marks a rare instance of a Chinese hacker being brought before U.S. courts amid a marked increase in Chinese hacking operations targeting the United States.
Chinese Hacker Allegedly Stole COVID-Related Research
After being arrested by Italian authorities last year, Xu was indicted on nine charges related to his alleged role as a contract hacker for the Chinese Ministry of State Security (MSS). The Justice Department alleged that Xu was part of the Chinese hacking group Hafnium, which later became Silk Typhoon, while employed at Shanghai Powerock Network, a likely front company for state-sponsored cyber espionage. In its indictment of Xu, the department also announced charges against another Chinese national, Zhang Yu, an alleged coconspirator who remains at large.
Both Xu and Yu allegedly stole research related to the COVID-19 pandemic from a range of U.S. entities, including universities, likely to accelerate China’s efforts to develop a domestic vaccine. As part of Silk Typhoon, the pair were also allegedly involved in a broad-ranging attack against Microsoft Exchange, which likely allowed the MSS to access the files of tens of thousands of businesses and organizations across the United States, including universities, public health laboratories, and defense contractors.
Extradition Marks Rare Success in Cyber-Related Criminal Cases
The extradition highlights China’s broad-ranging cyber campaign against the United States, including both cyber-enabled economic warfare and pre-positioning on critical infrastructure. While Silk Typhoon primarily stole life sciences research or other valuable commercial data via compromised Microsoft systems, Chinese cyber activity has also targeted American telecommunications providers and gained access to U.S. and allied energy, water, and transportation systems. This access may allow Beijing not only to spy on the United States, but also to disrupt the American economy and potentially hinder military mobility in the event of a crisis.
Despite China’s large-scale hacking operations, however, the U.S. has struggled to convict Chinese hackers due to a combination of jurisdictional and statutory challenges. While the Department of Justice has long charged Chinese hackers located abroad, the department has only successfully convicted one Chinese intelligence officer extradited on hacking charges, largely reflecting the limits of the extradition treaty system.
Even when caught, Chinese economic espionage cases often have lower rates of prosecutorial success due to difficulties in proving defendants’ direct ties to Beijing — a trend which may disincentivize prosecutors from bringing such charges in subsequent cases.
Washington Cannot Only Rely on Court System To Secure Critical Infrastructure
While the extradition marks a success in Washington’s efforts to bring Chinese hackers to justice, the Justice Department’s track record in such cases, coupled with China’s surging cyber campaigns against the United States, highlights the pitfalls of solely relying on the judiciary to protect U.S. national security.
The United States should instead enhance its layered cyber deterrence against Beijing. Though the FBI should treat the pursuit of Chinese hackers who travel to extradition countries as a national security priority, the Trump administration should accelerate the implementation of its National Cyber Strategy to improve public-private collaboration while collaborating to adopt a more aggressive posture to deter future attacks.
Jack Burnham is a senior research analyst in the China Program at the Foundation for Defense of Democracies (FDD). FDD is a Washington, DC-based, nonpartisan research institute focusing on national security and foreign policy.