Suspected Chinese cybersnoop grounded in Italy after US tipoff
(2025/07/08)
- Reference: 1751975229
- News link: https://www.theregister.co.uk/2025/07/08/silk_typhoon_italy_arrest/
- Source link:
A man who US authorities allege is a member of Chinese state-sponsored cyberespionage outfit Silk Typhoon was arrested in Milan last week following a tipoff from the US embassy.
Zewei Xu, 33, is alleged by American authorities to have been involved in China's espionage efforts during the COVID-19 pandemic, tasked with spying on vaccine development at the University of Texas.
According to Italian news agency [1]Ansa , the US issued an extradition request to Italian authorities, and Xu was arrested upon arriving at Milan's Malpensa airport on July 3.
[2]
The agency also said today that court documents indicated Xu is also suspected of being part of Hafnium, now known as Silk Typhoon, which was previously tracked for masterminding a spate of activity targeting US computers and networks.
[3]
[4]
Hafnium's most infamous work pertained to the [5]Microsoft Exchange attack in 2020 , during which attackers stole sensitive documents related to US government policy, defense contractors, and more.
A hearing to decide whether the US's extradition request will be approved is scheduled to take place today at Milan's Court of Appeals.
[6]
The Register contacted the Department of Justice for additional information.
Xu's family, who traveled from Shanghai with the alleged cyberspy, argued that since they were able to secure a visa to travel to Italy, they were confused about why Xu was arrested.
They claimed he worked for GTA Semiconductor, a Shanghai-based chip foundry that specializes in automotive technology, and not for the state, nor [7]Silk Typhoon .
[8]
Silk Typhoon is the moniker used to track a specific Chinese state-sponsored group, which more recently was linked to intrusions at the US Treasury, although it is not clear if Xu was involved in the operation during this time.
The charges against Xu reportedly relate to cyberespionage activities between 2020 and 2021.
According to people familiar with the matter speaking to the [9]Financial Times , a nine-count indictment is expected to be returned should the US's extradition request be granted. The charges are expected to relate to computer intrusions, wire fraud, and aggravated identity theft.
Xu's arrest follows a turbulent period for US-Italy relations, with the latter revoking the arrest of Iranian engineer [10]Mohammad Abedini after originally agreeing to extradite him to the US to face [11]charges related to illegal tech exports to Iran.
Italian Prime Minister Giorgia Meloni is thought to have negotiated a prisoner swap deal with [12]Iran , which at the time had recently detained an Italian journalist who was reporting legally in Iran, on vague charges.
[13]As nation-state hacking becomes 'more in your face,' are supply chains secure?
[14]Feds name and charge alleged Silk Typhoon spies behind years of China-on-US attacks
[15]China's Silk Typhoon, tied to US Treasury break-in, now hammers IT and govt targets
[16]Microsoft: Another Chinese cyberspy crew targeting US critical orgs 'as of yesterday'
The journalist's arrest became a national talking point, and her release was met with broad support for Meloni's government.
Another person of interest to the US, Russian businessman Artem Uss, was also placed under house arrest by Italian authorities in 2023, but escaped and fled to safety in Russia.
The US [17]claims Uss was involved in transnational fraud affecting US government agencies, smuggling, and money laundering, and currently has a $7 million reward posted for information leading to his arrest or conviction.
Unlike many of its allies, Italy has not turned its back on China as vehemently as other European countries and the US.
Meloni met with President Xi Jinping last year, at which time the two leaders committed to relaunching and solidifying their countries' cooperation.
Other major powers in the West see China as their biggest geopolitical and technological adversary, more so than Russia, Iran, and North Korea.
The matter has been a [18]major focus for Western governments and cybersecurity agencies in recent years, with the UK's stance being that stifling the threat China presents is the [19]top priority for cybersecurity chiefs . ®
Get our [20]Tech Resources
[1] https://www.ansa.it/english/newswire/english_service/2025/07/07/ansachinese-spy-arrested-in-italy-on-us-warrant_9f5bbfe6-74ef-4f78-bb1e-fcf01f755652.html
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aG1AmG4bkI_utOSim0yNywAAAAg&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aG1AmG4bkI_utOSim0yNywAAAAg&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aG1AmG4bkI_utOSim0yNywAAAAg&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[5] https://www.theregister.com/2023/01/12/sec_covington_hafnium/
[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aG1AmG4bkI_utOSim0yNywAAAAg&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[7] https://www.theregister.com/2025/03/05/china_silk_typhoon_update/
[8] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aG1AmG4bkI_utOSim0yNywAAAAg&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[9] https://www.ft.com/content/f7299b6f-2b58-46c0-bbe5-e650357e8f48
[10] https://www.cnn.com/2025/01/12/europe/italy-iran-diplomacy-mohammad-abedini-intl/index.html
[11] https://www.justice.gov/usao-ma/pr/founder-iranian-company-arrested-providing-material-support-islamic-revolutionary-guard
[12] https://www.theregister.com/2025/06/23/iran_cyberattacks_against_us/
[13] https://www.theregister.com/2025/03/24/nation_state_supply_chain_attack/
[14] https://www.theregister.com/2025/03/06/fbi_china_pays_75k_per/
[15] https://www.theregister.com/2025/03/05/china_silk_typhoon_update/
[16] https://www.theregister.com/2024/12/06/chinese_cyberspy_us_data/
[17] https://www.state.gov/artem-aleksandrovich-uss/
[18] https://www.theregister.com/2024/12/03/ncsc_annual_review/
[19] https://www.theregister.com/2024/05/16/the_uks_alarm_over_china/
[20] https://whitepapers.theregister.com/
Zewei Xu, 33, is alleged by American authorities to have been involved in China's espionage efforts during the COVID-19 pandemic, tasked with spying on vaccine development at the University of Texas.
According to Italian news agency [1]Ansa , the US issued an extradition request to Italian authorities, and Xu was arrested upon arriving at Milan's Malpensa airport on July 3.
[2]
The agency also said today that court documents indicated Xu is also suspected of being part of Hafnium, now known as Silk Typhoon, which was previously tracked for masterminding a spate of activity targeting US computers and networks.
[3]
[4]
Hafnium's most infamous work pertained to the [5]Microsoft Exchange attack in 2020 , during which attackers stole sensitive documents related to US government policy, defense contractors, and more.
A hearing to decide whether the US's extradition request will be approved is scheduled to take place today at Milan's Court of Appeals.
[6]
The Register contacted the Department of Justice for additional information.
Xu's family, who traveled from Shanghai with the alleged cyberspy, argued that since they were able to secure a visa to travel to Italy, they were confused about why Xu was arrested.
They claimed he worked for GTA Semiconductor, a Shanghai-based chip foundry that specializes in automotive technology, and not for the state, nor [7]Silk Typhoon .
[8]
Silk Typhoon is the moniker used to track a specific Chinese state-sponsored group, which more recently was linked to intrusions at the US Treasury, although it is not clear if Xu was involved in the operation during this time.
The charges against Xu reportedly relate to cyberespionage activities between 2020 and 2021.
According to people familiar with the matter speaking to the [9]Financial Times , a nine-count indictment is expected to be returned should the US's extradition request be granted. The charges are expected to relate to computer intrusions, wire fraud, and aggravated identity theft.
Xu's arrest follows a turbulent period for US-Italy relations, with the latter revoking the arrest of Iranian engineer [10]Mohammad Abedini after originally agreeing to extradite him to the US to face [11]charges related to illegal tech exports to Iran.
Italian Prime Minister Giorgia Meloni is thought to have negotiated a prisoner swap deal with [12]Iran , which at the time had recently detained an Italian journalist who was reporting legally in Iran, on vague charges.
[13]As nation-state hacking becomes 'more in your face,' are supply chains secure?
[14]Feds name and charge alleged Silk Typhoon spies behind years of China-on-US attacks
[15]China's Silk Typhoon, tied to US Treasury break-in, now hammers IT and govt targets
[16]Microsoft: Another Chinese cyberspy crew targeting US critical orgs 'as of yesterday'
The journalist's arrest became a national talking point, and her release was met with broad support for Meloni's government.
Another person of interest to the US, Russian businessman Artem Uss, was also placed under house arrest by Italian authorities in 2023, but escaped and fled to safety in Russia.
The US [17]claims Uss was involved in transnational fraud affecting US government agencies, smuggling, and money laundering, and currently has a $7 million reward posted for information leading to his arrest or conviction.
Unlike many of its allies, Italy has not turned its back on China as vehemently as other European countries and the US.
Meloni met with President Xi Jinping last year, at which time the two leaders committed to relaunching and solidifying their countries' cooperation.
Other major powers in the West see China as their biggest geopolitical and technological adversary, more so than Russia, Iran, and North Korea.
The matter has been a [18]major focus for Western governments and cybersecurity agencies in recent years, with the UK's stance being that stifling the threat China presents is the [19]top priority for cybersecurity chiefs . ®
Get our [20]Tech Resources
[1] https://www.ansa.it/english/newswire/english_service/2025/07/07/ansachinese-spy-arrested-in-italy-on-us-warrant_9f5bbfe6-74ef-4f78-bb1e-fcf01f755652.html
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aG1AmG4bkI_utOSim0yNywAAAAg&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aG1AmG4bkI_utOSim0yNywAAAAg&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aG1AmG4bkI_utOSim0yNywAAAAg&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[5] https://www.theregister.com/2023/01/12/sec_covington_hafnium/
[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aG1AmG4bkI_utOSim0yNywAAAAg&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[7] https://www.theregister.com/2025/03/05/china_silk_typhoon_update/
[8] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aG1AmG4bkI_utOSim0yNywAAAAg&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[9] https://www.ft.com/content/f7299b6f-2b58-46c0-bbe5-e650357e8f48
[10] https://www.cnn.com/2025/01/12/europe/italy-iran-diplomacy-mohammad-abedini-intl/index.html
[11] https://www.justice.gov/usao-ma/pr/founder-iranian-company-arrested-providing-material-support-islamic-revolutionary-guard
[12] https://www.theregister.com/2025/06/23/iran_cyberattacks_against_us/
[13] https://www.theregister.com/2025/03/24/nation_state_supply_chain_attack/
[14] https://www.theregister.com/2025/03/06/fbi_china_pays_75k_per/
[15] https://www.theregister.com/2025/03/05/china_silk_typhoon_update/
[16] https://www.theregister.com/2024/12/06/chinese_cyberspy_us_data/
[17] https://www.state.gov/artem-aleksandrovich-uss/
[18] https://www.theregister.com/2024/12/03/ncsc_annual_review/
[19] https://www.theregister.com/2024/05/16/the_uks_alarm_over_china/
[20] https://whitepapers.theregister.com/
Stupid enough to travel?
tmTM
You commit these crimes, you commit yourself to a life inside your borders.
You cannot leave.
The image is wrong
IamAProton
in italian it's POLIZIA not POLICIA
"Xu's family, who traveled from Shanghai with the alleged cyberspy, argued that since they were able to secure a visa to travel to Italy, they were confused about why Xu was arrested."
Yes. I can just imagine the conversation now.
"Guv, someone on our wanted list has just asked for a visa. Shall we let him in, and then arrest him when he gets here?"
"No, of course not. That would confuse the family."