FBI extradites alleged Chinese hacker Xu Zewei to US for COVID research targeting

They were looking to hurt us during COVID. He targeted the research.
FBI Director Patel describing the operation as deliberately timed to exploit pandemic vulnerabilities.

In the long contest between nations over knowledge and power, the pandemic became not only a medical crisis but a theater of espionage — a moment when the vulnerability of open science met the ambitions of state intelligence. This week, that shadow history took a concrete form: a Chinese national named Xu Zewei, accused of directing a cyber campaign against American COVID-19 researchers on behalf of Beijing's Ministry of State Security, was extradited from Italy to face federal charges in the United States. The arrest, years in the making and deliberately timed to outmaneuver diplomatic interference, marks one of the rare occasions when the invisible architecture of state-sponsored hacking becomes visible in a courtroom.

  • At the height of the pandemic, American scientists racing to develop vaccines and treatments were simultaneously being targeted by hackers allegedly working for the Chinese government — their email accounts, their research, their communications all compromised.
  • Xu Zewei's connection to the HAFNIUM operation meant his alleged reach extended far beyond universities, touching more than 12,000 organizations across the U.S. through exploited vulnerabilities in Microsoft Exchange Server.
  • The window to secure Xu's extradition was narrow and fragile — Chinese officials actively attempted to intervene in his transfer, and a 2025 case in Serbia showed exactly how quickly such opportunities can collapse.
  • FBI Director Kash Patel's January 2026 trip to Italy, publicly scrutinized for its Olympic optics, was quietly laying the groundwork for Xu's arrest through direct coordination with Italian law enforcement.
  • With one alleged co-conspirator still at large and classified details yet to be released, the case remains open-edged — a prosecution begun, but a full accounting still unfolding.

FBI Director Kash Patel announced this week that Xu Zewei, a Chinese national he described as one of Beijing's most consequential cyber criminals, has been extradited from Italy to face federal charges in the United States. The case reaches back to 2020 and 2021, when prosecutors allege Xu led a hacking campaign targeting American universities — specifically scientists working on coronavirus treatments and vaccines — while reporting directly to China's Ministry of State Security and its Shanghai bureau.

The operation was part of the broader HAFNIUM campaign, which exploited weaknesses in Microsoft Exchange Server to compromise thousands of computers globally, including more than 12,000 organizations in the United States alone. Beyond research institutions, Xu and alleged co-conspirators also targeted a Washington-based law firm, searching for information connected to U.S. policymakers. The Justice Department has not disclosed what data, if any, was successfully stolen.

The path to extradition was deliberately engineered and nearly derailed. Patel's trip to Italy in early 2026 — which drew public attention for his attendance at Olympic events — included quiet meetings with Italian law enforcement that set the conditions for Xu's arrest. Chinese officials attempted to intervene in the final days to block the transfer, echoing a 2025 case in Serbia where a Chinese national was ultimately returned to Beijing despite American efforts. Coordination with Italian National Police Prefect Vittorio Pisani proved decisive in closing that window before it could be shut.

Patel framed the extradition as part of a broader campaign against Chinese espionage, claiming the bureau has arrested more Beijing-linked operatives than any previous administration. One alleged co-conspirator in the Xu case remains at large. The Chinese embassy offered no comment.

FBI Director Kash Patel announced this week that a Chinese national accused of orchestrating a sophisticated hacking campaign against American COVID-19 researchers has been extradited to the United States to face federal charges. Xu Zewei, whom Patel described as one of China's two most consequential cyber criminals, was brought into U.S. custody after being apprehended in Italy through what the FBI characterized as a carefully coordinated operation with Italian law enforcement.

The case centers on a cyber campaign spanning 2020 and 2021 that prosecutors allege targeted sensitive research at American universities, with particular focus on scientists studying coronavirus treatments and vaccines. According to the indictment, Xu reported directly to officials at China's Ministry of State Security and its Shanghai bureau after compromising a U.S. research university in early 2020. He was then directed to access email accounts belonging to virologists and immunologists working on pandemic-related research. The operation was part of a broader hacking effort known as HAFNIUM, which exploited vulnerabilities in Microsoft Exchange Server and compromised thousands of computers worldwide, including more than 12,000 organizations across the United States.

Patel's trip to Italy in early 2026, which had drawn public scrutiny at the time due to his attendance at Olympic events, played a direct role in setting up Xu's arrest. The FBI director told Fox News Digital that the visit included meetings with Italian law enforcement and security coordination that ultimately created the conditions for apprehension. "We created an opportunity with our partners in Italy to have him apprehended there," Patel said, adding that the timing was deliberately engineered to prevent legal obstacles that might have delayed extradition. He noted that Chinese officials attempted to intervene in recent days to block Xu's transfer to American custody, underscoring the stakes involved.

The extradition represents an unusual success in bringing a state-linked hacker to prosecution in the United States. Past cases have ended differently: Patel pointed to a 2025 incident in which a Chinese national detained in Serbia was ultimately returned to China despite American efforts to secure custody. The narrow window for action in Xu's case, coordinated with Italian Prefect Vittorio Pisani of the Italian National Police, proved critical to avoiding a similar outcome. Patel said the FBI was able to directly tie Xu to China's Ministry of State Security, though additional details remain classified pending declassification.

Prosecutors allege that Xu and his co-conspirators targeted not only universities but also a Washington-based law firm, where attackers searched email accounts for information related to U.S. policymakers and government agencies. The Justice Department has not publicly detailed the specific data allegedly stolen, including whether it encompassed proprietary vaccine formulas, clinical trial data, or internal communications between researchers. One alleged co-conspirator remains at large. Patel characterized the operation as "specifically engineered at a time when our adversaries were looking to hurt us during COVID," emphasizing that the targeting of pandemic research represented a direct threat to American scientific and public health interests.

The case reflects a broader shift in FBI priorities under Patel's leadership. He stated that the bureau has arrested more Chinese spies than any previous administration and has made countering Chinese espionage a top priority. Patel said the Ministry of State Security continues to actively target the United States through cyber operations aimed at stealing classified information, research, and scientific data that could be leveraged for advantage. "They're going to keep doing it," he said, signaling that efforts to identify and prosecute individuals tied to similar operations remain ongoing. The Chinese embassy did not respond to requests for comment on the extradition.

We created an opportunity with our partners in Italy to have him apprehended there.
— FBI Director Kash Patel

The operation was specifically engineered at a time when our adversaries were looking to hurt us during COVID.
— FBI Director Kash Patel

The Hearth Conversation: Another angle on the story

Inventor

Why was the timing so critical here? What made this window so narrow?

Model

Chinese intelligence was actively trying to prevent the extradition. Once they knew where Xu was, they had legal tools and diplomatic pressure they could apply. The FBI and Italian authorities had to move before those mechanisms could be deployed.

Inventor

What exactly did Xu steal? The reporting says the Justice Department hasn't detailed what data was taken.

Model

That's the gap. We know he targeted COVID researchers and their email accounts, but whether he got vaccine formulas, trial data, or just communications—that's still classified or undisclosed. The indictment doesn't spell it out.

Inventor

Patel's Italy trip was controversial at the time. Was it actually about this operation?

Model

Partly. He was there for Olympic security coordination and meetings with Italian law enforcement. But yes, it also created the conditions for Xu's arrest. The criticism about him attending events wasn't entirely unfounded—he was doing both things at once.

Inventor

Why does China rely on people like Xu instead of just doing it themselves?

Model

Deniability. If you use private contractors or individuals who can be portrayed as independent actors, the government can claim distance. It's harder to prove direct state involvement, which gives Beijing political cover.

Inventor

Is this actually rare, or is Patel overstating it?

Model

It is genuinely uncommon to extradite a state-linked hacker to the U.S. for prosecution. The Serbia case Patel mentioned shows how often these efforts fail. But whether Xu is truly "one of the top two" in the world—that's harder to verify.

Inventor

What happens to the co-conspirator who's still at large?

Model

Unknown. The indictment names him, but he hasn't been located or apprehended. He could be in China, elsewhere in Asia, or hiding. The FBI says the investigation is ongoing.
