Hacker who allegedly carried out cyberattacks for China is extradited to U.S.

A man accused of carrying out cyberattacks on behalf of the Chinese government has been extradited to the United States, and faces over a decade in prison if convicted. Last year, the U.S. Justice Department accused Xu Zewei of working as a contractor for the Chinese Ministry of State Security to conduct a series of cyberattacks. Prosecutors alleged Xu and co-conspirator Zhang Yu targeted several U.S. universities in early 2020 to steal research related to the COVID-19 pandemic. The two also allegedly hacked thousands of email servers running Microsoft Exchange beginning March 2021, as part of an “indiscriminate” campaign attributed to a Chinese-backed hacking group known as Hafnium, and later Silk Typhoon. Xu was arrested in Italy last year at the request of U.S. authorities. His lawyer in Italy, Simona Candido, told TechCrunch that Xu was extradited to the United States on Saturday, and that he is now in detention in Houston, Texas. According to the U.S. Bureau of Prison’s website, a man with the same name is in custody at the Federal Detention Center in Houston. After this story was published, the Justice Department announced Xu’s extradition in a press release. Xu’s lawyer in the United States, Dan Cogdell, was scheduled to appear at a hearing in Houston on Monday, according to court records. Cogdell told TechCrunch that he found out about the hearing earlier on Monday. According to court records, Xu appeared for his initial appearance in federal court and was remanded back into custody. Techcrunch event Meet your next investor or portfolio startup at Disrupt Your next round. Your next hire. Your next breakout opportunity. Find it at TechCrunch Disrupt 2026, where 10,000+ founders, investors, and tech leaders gather for three days of 250+ tactical sessions, powerful introductions, and market-defining innovation. Register now to save up to $410. Meet your next investor or portfolio startup at Disrupt Your next round. Your next hire. Your next breakout opportunity. Find it at TechCrunch Disrupt 2026, where 10,000+ founders, investors, and tech leaders gather for three days of 250+ tactical sessions, powerful introductions, and market-defining innovation. Register now to save up to $410. San Francisco, CA | October 13-15, 2026 REGISTER NOW As the Justice Department said when it initially announced charges against the accused hackers, Xu allegedly worked for Shanghai Powerock Network, a company in China that prosecutors said “conducted hacking” for Beijing. Xu and other hackers allegedly reported their activities directly to Chinese state officials in Shanghai. Along with Zhang, he was part of the Hafnium group that allegedly took advantage of previously undiscovered security flaws in Microsoft Exchange servers with the aim of hacking into several American organizations, including defense contractors, law firms, think tanks, and infectious disease researchers. According to prosecutors, Hafnium hackers targeted more than 60,000 entities in the U.S. and were successful in hacking more than 12,700 of them.

The Chinese Embassy in Washington D.C. did not respond to a request for comment.

The Financial Times reported that the Chinese Foreign Ministry opposed Xu’s extradition and accused the U.S. government of “fabricating cases.” For years, the U.S. government has charged suspected Chinese hackers, many of whom remain at large. In 2022, Yanjun Xu was sentenced to 20 years in prison for hacking crimes in what the DOJ said was the first case where a Chinese government intelligence officer had been extradited to the United States. This story was updated to include the DOJ’s announcement of Xu’s extradition and information from new court records. Topics China, cybersecurity, hackers, hacking, hafnium, Security, silk typhoon, U.S. Department of Justice, Xu Zewei When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence. Lorenzo Franceschi-Bicchierai Senior Reporter, Cybersecurity Lorenzo Franceschi-Bicchierai is a Senior Writer at TechCrunch, where he covers hacking, cybersecurity, surveillance, and privacy. You can contact or verify outreach from Lorenzo by emailing lorenzo@techcrunch.com, via encrypted message at +1 917 257 1382 on Signal, and @lorenzofb on Keybase/Telegram.

View Bio April 30 San Francisco, CA StrictlyVC kicks off the year in SF. Register now for unfiltered fireside chats and VC insights with leaders from Uber, Replit, Eclipse, and more. Plus, high-value connections that actually move the needle. Tickets are limited. REGISTER NOW Most Popular Two college kids raise a $5.1 million pre-seed to build an AI social network in iMessage Dominic-Madori Davis Meta’s loss is Thinking Machines’ gain Connie Loizos OpenAI releases GPT-5.5, bringing company one step closer to an AI ‘super app’ Lucas Ropek Microsoft offers buyout for up to 7% of US employees Amanda Silberling Duolingo is now giving users access to advanced learning content Lauren Forristal Unauthorized group has gained access to Anthropic’s exclusive cyber tool Mythos, report claims Lucas Ropek SpaceX is working with Cursor and has an option to buy the startup for $60B Tim Fernholz