Written by Timothy Caldwell.
In a significant development in international cybercrime, authorities have apprehended a Chinese national accused of orchestrating a sophisticated hacking operation to steal critical COVID-19 research from a Texas university. This arrest underscores the persistent threat of state-sponsored cyberattacks targeting intellectual property and sensitive data, a concern that has grown increasingly urgent in recent years.
Arrest in Milan: A Breakthrough in Cybercrime Enforcement
In November 2023, a Houston federal grand jury indicted Xu Zewei, a 33-year-old Chinese national, for his alleged role in a hacking scheme aimed at pilfering COVID-19 research. After evading capture for nearly two years, Zewei was detained in Milan, Italy, in a coordinated effort between U.S. and Italian authorities. The arrest marks a rare success in apprehending foreign nationals involved in state-sponsored cyber operations, a challenge that has long frustrated law enforcement agencies worldwide.
Zewei’s co-conspirator, Zhang Yu, aged 44, remains at large, with a nine-count indictment unsealed against both individuals. The charges include wire fraud, identity theft, and unauthorized access to protected computer systems. U.S. Attorney Nicholas Ganjei emphasized the significance of Zewei’s capture, noting that it demonstrates the United States’ commitment to pursuing cybercriminals, no matter how long it takes. “Patience and international cooperation have brought us to this moment,” Ganjei stated during a press conference.
Targeting COVID-19 Research: A Strategic Assault
The hacking operation, which spanned from February 2020 to June 2021, allegedly involved intrusions into the systems of a Texas university and a Washington, D.C.-based law firm. According to the indictment, Zewei and Yu operated under the direction of the People’s Republic of China’s Ministry of State Security (MSS) and its Shanghai State Security Bureau (SSSB). Their primary target was research on COVID-19 vaccines, treatments, and testing, conducted by leading immunologists and virologists at the university.
The timing of the attacks is particularly noteworthy. As the world grappled with the early stages of the COVID-19 pandemic, the Chinese government was accused of withholding critical information about the virus’s origins. Concurrently, the MSS allegedly directed efforts to steal intellectual property that could accelerate China’s own vaccine development. This strategic focus on biomedical research highlights the growing intersection of cybersecurity and global health, where state actors exploit digital vulnerabilities to gain competitive advantages.
The hackers reportedly exploited weaknesses in Microsoft Exchange Server, a widely used platform for email communication, to install web shells—malicious scripts that allow remote control of compromised systems. These tools enabled the theft of sensitive emails and data, including discussions among researchers about COVID-19 countermeasures. The operation was part of the broader HAFNIUM campaign, which affected thousands of organizations globally and was later attributed to PRC-sponsored actors by Microsoft and international governments.
Broader Implications for Cybersecurity and Innovation
The theft of COVID-19 research is not merely a violation of intellectual property rights; it represents a direct assault on scientific innovation and public health. Universities and research institutions are often prime targets for cybercriminals due to their open networks and wealth of cutting-edge research. In this case, the compromised data could have undermined global efforts to combat the pandemic, delaying the development of vaccines and treatments that saved countless lives.
Beyond academia, the hacking of a Washington, D.C. law firm reveals the breadth of the operation’s ambitions. The stolen information included details about U.S. policymakers and government agencies, suggesting an intent to gather intelligence on American decision-making processes. Such actions threaten not only individual organizations but also the integrity of democratic systems, as confidential communications between clients and legal counsel are foundational to the rule of law.
Recent studies underscore the escalating threat of state-sponsored cyberattacks. According to a 2024 report by the Cybersecurity and Infrastructure Security Agency (CISA), foreign actors, particularly from China, have intensified efforts to target critical infrastructure and research institutions. The report estimates that intellectual property theft costs the U.S. economy between $225 billion and $600 billion annually, with China accounting for a significant portion of these losses. These figures highlight the economic and strategic stakes involved in combating cyber espionage.
Our Take
The arrest of Xu Zewei is a commendable step toward holding state-sponsored cybercriminals accountable, but it also exposes the persistent challenges in securing sensitive research and infrastructure. The audacity of targeting COVID-19 research during a global health crisis reflects a troubling disregard for international norms and cooperation. As nations race to innovate in fields like biotechnology and artificial intelligence, robust cybersecurity measures must be prioritized to protect intellectual capital. The U.S. and its allies should continue to strengthen international partnerships, as demonstrated by the collaboration with Italian authorities, to deter future attacks. However, the fact that Zhang Yu remains at large serves as a sobering reminder that the fight against cyber espionage is far from over.
Author: Constitutional Nobody
This content is courtesy of, and owned and copyrighted by, https://politicaldepot.com and its author.