Italian authorities have detained Xu Zewei, a 33-year-old Chinese national, at Milan Malpensa Airport on July 3, 2025, following an international warrant issued by the United States. Xu, also known by the aliases Zavier Xu and David Xu, is suspected of being a key member of Silk Typhoon—also known as Hafnium—a notorious Chinese state-sponsored cyberespionage group.
Allegations and Charges
According to U.S. officials, Xu is accused of participating in a series of cyberattacks targeting American organizations, with a particular focus on the theft of sensitive data related to COVID-19 vaccine research. Investigators allege Xu played a role in attempts to infiltrate the University of Texas and other institutions involved in pandemic response efforts. The broader campaign, attributed to Silk Typhoon, also targeted U.S. government agencies, defense contractors, and supply chain networks.
The U.S. Department of Justice has charged Xu with wire fraud, aggravated identity theft, conspiracy, and unauthorized access to protected computers. If convicted, he faces a maximum sentence of 32 years in prison.
Legal Proceedings and Extradition
Xu was apprehended upon arrival from Shanghai and is currently being held at Busto Arsizio prison near Milan. Italian authorities, acting on the U.S. extradition request, have seized Xu’s mobile phone and other electronic devices to support ongoing forensic investigations. A hearing at the Milan Court of Appeals will determine whether Xu will be extradited to the United States to face trial.
Xu’s defense team has contested the extradition, arguing that he is an employee of GTA Semiconductor Co Ltd and denying any involvement in cyberespionage activities. Xu’s family, who accompanied him on the trip, have expressed confusion and distress over the arrest, stating they were unaware of any pending charges.
International and Geopolitical Implications
The arrest comes at a time of heightened tensions between the United States and China over cyberespionage and intellectual property theft. Silk Typhoon, also known as Hafnium, has been linked to several high-profile cyberattacks, including the 2020 Microsoft Exchange breach, and is considered a significant threat to Western cybersecurity infrastructure.
The case places Italy in a delicate position as it navigates its relationships with both Washington and Beijing. The outcome of the extradition proceedings will be closely watched by international observers and could set a precedent for future cooperation on cybercrime enforcement.
