Chinese National Arrested in Italy, Allegedly Linked to State-Sponsored ‘Silk Typhoon’ Hackers
A Chinese national was arrested in Milan, Italy, on July 3rd, accused of ties to the Silk Typhoon hacking group, a sophisticated cyberespionage operation believed to be backed by the Chinese state and responsible for targeting U.S. organizations and government agencies.
Italian authorities apprehended 33-year-old Xu Zewei at Malpensa Airport upon his arrival from China, acting on an international warrant issued by the U.S. government. The arrest signals a significant escalation in international efforts to counter state-sponsored cybercrime.
The Silk Typhoon Group and its Activities
According to reports from Italian news agency ANSA, Xu is alleged to be connected to Silk Typhoon, also known as Hafnium. This group has a documented history of extensive cyberespionage activities directed at the U.S. and other nations.
The group’s activities came to prominence in 2020 with a series of attacks targeting infectious disease researchers and healthcare organizations. These attacks specifically aimed to steal valuable data related to the development of anti-COVID vaccines. “These actors have been observed attempting to identify and illicitly obtain valuable intellectual property (IP) and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research,” a joint advisory stated.
Expanding Targets: From Healthcare to Financial Institutions
Silk Typhoon’s reach extends beyond the healthcare sector. More recent campaigns have targeted critical U.S. government entities, including the Treasury Department’s Office of Foreign Assets Control (OFAC) and the Committee on Foreign Investment. This expansion suggests a broadening scope of intelligence gathering and potential disruption capabilities.
In March, Microsoft reported that Silk Typhoon had adapted its tactics, beginning to target remote management tools and cloud services in supply chain attacks. This shift allows the group to gain access to the networks of downstream customers, amplifying the impact of their operations.
Extradition and Ongoing Investigation
Xu Zewei is currently being held in Busto Arsizio prison in Italy as the U.S. government pursues his extradition to face trial in the United States. The outcome of the extradition proceedings remains uncertain, but the arrest underscores the growing international cooperation in combating cybercrime.
The case highlights the persistent threat posed by state-sponsored hacking groups and the challenges in attributing and prosecuting these complex cyberattacks. As nations increasingly rely on digital infrastructure, the need for robust cybersecurity measures and international collaboration will only continue to grow.
