Chinese Hacker Charged in US for Stealing Covid-19 Research Data
If your university’s network suddenly went dark in early 2020, you might be a victim of one of the largest cyber attacks in recent US history. And the story goes all the way to China. On July 3rd, Italian authorities acting on a US request, arrested Shuaway, a 33-year-old Chinese national in Milan. Shu now faces extradition to the United States where he and an accomplice Jang Yu are charged with a sweeping cyber crime campaign. According to a 9-count indictment unsealed in Texas, Shu and Jang, both linked to the Shanghai based company Power Rock Network, allegedly hacked into US university systems between February 2020 and June 2021. Their mission to steal gigabytes of sensitive data on CO 19 vaccines, treatments, and testing. US officials say the operation was state sponsored, directed by China’s Ministry of State Security. Zu is accused of working with the notorious Hafne hacking group which exploited Microsoft Exchange vulnerabilities to access over 60,000 US entities successfully breaching at least 12,700 targets including universities and a major law firm. Prosecutors stress this attack isn’t just about intellectual property. It’s seen as an assault on American scientific innovation at a critical moment. If convicted, Shu could face up to 20 years in prison for cyber fraud alone. So far, Beijing has not responded to the charges, but experts warn the arrest is unlikely to slow wider cyber espionage efforts. For now, the case highlights the high stakes of global cyber security in an age of rapid scientific discovery.
Washington: A Chinese national has been charged by US authorities with hacking into the computer systems of US universities to steal sensitive research data related to Covid-19. The hacking is said to be part of a coordinated operation directed by Chinese intelligence agencies.
As reported by India Today, Wednesday, July 9, 2025, Xu Zewei, the main suspect in the case, was arrested last week in Italy and is currently awaiting extradition to the US. He and Zhang Yu, a fellow Chinese national who is currently at large, were charged in a nine-count indictment filed by prosecutors in the Southern District of Texas.
According to prosecutors, the hacking took place between February 2020 and June 2021. Their targets included networks belonging to US universities, as well as immunology and virology researchers developing critical studies related to the Covid-19 pandemic.
US Attorney Nicholas J. Ganjei stated, “The hacking of American universities is not just a violation of intellectual property rights. It is an attack on American scientific innovation.”
US authorities allege the attack was carried out under the direct direction of China’s Ministry of State Security (MSS). Xu and Zhang are said to be part of a hacking group known as HAFNIUM, which is believed to have targeted more than 60,000 entities in the United States, with 12,700 of them compromised.