Date: 2025-07-08

By Sean Lyngaas and Antonia Mortensen, CNN

Washington and Rome (CNN) — Italian authorities have arrested a Chinese man accused by US prosecutors of being part of a hacking team that stole coveted US research into a coronavirus vaccine on behalf of Chinese intelligence.

At the height of the pandemic in early 2020, Xu Zewei worked at the behest of China’s Ministry of State Security to target US-based universities, virologists and immunologists doing research on Covid-19 vaccines, treatment and testing, according to an indictment unsealed Tuesday in the US District Court for the Southern District of Texas. The indictment accuses another person, Zhang Yu, of participating in the activity. Zhang is believed to be in China, a Justice Department spokesperson said.

Xu, 33, was detained at the Malpensa Airport northwest of Milan on July 3 and then taken to a nearby prison ahead of his court appearance, according to statements to CNN from Italian authorities. He made his initial court appearance in Milan on Tuesday as the US Justice Department begins to try to extradite Xu to the US District of South Texas, where he faces wire fraud, identity theft and hacking-related charges.

The arrest is a major breakthrough for the FBI, which hunts hackers accused of working for foreign spies but rarely gets one from China into custody. “He is one of the first hackers linked to Chinese intelligence services to be captured by the FBI,” the FBI’s Houston field office posted on X.

In court on Tuesday, Xu said he “has nothing to do with this case,” his lawyer, Enrico Giarda, told reporters.

“He described himself as an IT manager at a company in Shanghai and essentially stated that he has no reason to commit the criminal acts he is being accused of,” said Giarda, adding that he was still waiting to review documents “and understand exactly how the FBI identified him.”

The arrest sets up an extradition battle that could put pressure on the Italian government, which has sought to court US President Donald Trump while also maintaining good relations with China, a significant trading partner.

The indictment did not name any of the universities allegedly targeted by Xu and Zhang, but in a statement to CNN, the University of Texas Medical Branch in Galveston confirmed it was one of them. The university conducted extensive Covid-related research, including a study of the effectiveness of vaccines against emerging strains of the virus.

“The University of Texas Medical Branch is grateful to the FBI and all involved law enforcement agencies for their diligence in pursuing this investigation,” the statement said while declining further comment, citing an ongoing investigation.

Liu Pengyu, spokesperson for the Chinese Embassy in Washington, DC, said he was unaware of Xu’s case but that “similar rumors have surfaced multiple times in the past, and China has already stated its position on the matter.” Chinese vaccine research and development, Liu said in an email, “is among the most advanced in the world. China has neither the need nor the intention to acquire vaccines through so-called theft.”

When the coronavirus went global in 2020, intelligence services around the world scrambled to gather information on the impacts of the virus, according to private experts and Western government officials. In some cases, that allegedly meant using hackers to target research centers developing a vaccine. The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) singled out China in a May 2020 public advisory.

“The FBI is investigating the targeting and compromise of U.S. organizations conducting COVID-19-related research by PRC-affiliated cyber actors and non-traditional collectors,” the advisory said, using an acronym for the Chinese government. Those China-linked actors “have been observed attempting to identify and illicitly obtain valuable intellectual property and public health data related to vaccines, treatments, and testing” from computer networks holding Covid-related data, the FBI and CISA said then.

Teddy Nemeroff, a former senior cyber official at the State Department, said the five years between that advisory and Xu’s arrest show the painstaking work that goes into efforts to track down hackers who target valuable US institutions.

“These types of arrests send an important message to cyber criminals who think they can operate with impunity from permissive jurisdictions,” Nemeroff told CNN. “Even five years after they targeted Covid vaccine research, US law enforcement caught up with him. Such arrests are only possible with cooperation from strong law enforcement partners like Italy, who are willing to put themselves in potentially uncomfortable diplomatic positions with countries like China.”

The FBI has said that China has a bigger hacking program than all other foreign governments combined, making it a challenge to match Beijing’s pace in intelligence-gathering.

Xu’s arrest “probably isn’t going to have any immediate, practical effect,” John Hultquist, chief analyst at Google’s Threat Intelligence Group, told CNN. “It may cause someone to think twice before getting involved in this because you won’t be able to take a vacation.”

CNN’s Juan Pablo O’Connell contributed to this report.
