Alleged ‘Hafnium’ hacker-for-hire extradited to the United States

Alleged ‘Hafnium’ hacker-for-hire extradited to the United States

A Chinese national has appeared before the United States District Court in Houston after being extradited from Italy over the weekend. Thirty-four-year-old Xu Zewei is accused of directing a sophisticated computer intrusion campaign that compromised more than twelve thousand seven hundred North American organisations, including academic institutions engaged in Covid-19 vaccine and treatment research.

Xu faces a nine-count indictment covering alleged computer intrusions carried out between February 2020 and June 2021. Prosecutors allege he and his associates exploited a zero-day vulnerability in Microsoft Exchange Server, designated CVE-2021-26855, to plant web shells that enabled remote access and intelligence collection from targeted mailboxes belonging to United States policymakers and government agencies.

The accused was arrested in Milan with assistance from the Italian cyber police, the Polizia Postale, and subsequently extradited to face trial in the United States. According to the indictment, Xu was directed by the Shanghai State Security Bureau, part of China’s Ministry of State Security, and served as general manager of Shanghai Powerock, an entity described as part of a broader network of commercial companies used to obscure state involvement in hacking operations.

This case presents a textbook example of the challenges facing cybercrime expert witnesses when dealing with state-sponsored activity routed through commercial fronts. The prosecution will need to untangle the relationship between the accused, his co-defendant Zhang Yu who remains at large, and the government agency alleged to have supervised the operation. The ten-year potential sentence reflects the gravity of compromising both government and medical research targets during a global pandemic.

Click here for the original article.