Xu Zewei Arrested: China's Hafnium Hacker Nabbed in Milan Sting! episode artwork

EPISODE · Jul 8, 2025 · 5 MIN

Xu Zewei Arrested: China's Hafnium Hacker Nabbed in Milan Sting!

from Digital Dragon Watch: Weekly China Cyber Alert · host Inception Point AI

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Welcome, cyber sleuths and digital dragons, to another episode of Digital Dragon Watch: Weekly China Cyber Alert. I’m Ting, your go-to for all things China, cyber, and a dash of hacking wit, so let’s dive right in—because the world’s not pausing for your firewall to update. The big news this week: US authorities, in a rare display of cross-continental law enforcement, confirmed the arrest of infamous Chinese hacker Xu Zewei in Milan. Xu, age thirty-three, is accused of spearheading cyber espionage campaigns targeting COVID-19 research at US universities and orchestrating the notorious Hafnium attacks that compromised Microsoft Exchange servers everywhere from small businesses to global law firms. According to the Justice Department, Xu was a contract hacker for Shanghai Powerock Network, working directly for China’s Ministry of State Security via the Shanghai State Security Bureau. The charges are sprawling: conspiracy, wire fraud, unauthorized access—if there’s a cybercrime statute, Xu’s probably on it. His alleged partner-in-hack, Zhang Yu, remains on the loose, and the FBI wants tips. Meanwhile, China’s government loudly condemned the arrest, calling it “firmly opposed,” so expect those diplomatic cables to be extra encrypted this week. But the week wasn’t just about COVID heists and extradition drama. In Europe, France’s cybersecurity agency ANSSI dropped a bombshell about the China-linked ‘Houken’ group, which has been exploiting zero-day flaws in Ivanti Cloud Service Appliance devices to worm its way into sectors like government, telecom, media, and finance. Houken, linked with the infamous UNC5174 crew, uses a mix of cutting-edge zero-days and a grab bag of open-source Chinese hacking tools. Their latest stunt? Self-patching the holes they exploited—talk about cleaning up after your own break-in. Switching gears, Taiwan and China continued their digital cold war. Beijing accused Taipei of cyberattacks against tech firms in Guangzhou. In typical tit-for-tat, Taiwan’s National Security Bureau called the allegations disinformation, insisting this was another round of China’s digital intimidation. Also in the mix: concern over Chinese-owned apps like Douyin and Rednote possibly serving as Trojan horses for propaganda among Taiwan’s youth. Stateside, the SAP July Patch Tuesday brought urgent warnings as critical deserialization bugs—previously exploited by alleged China-nexus groups—were patched. The vulnerabilities allowed unauthenticated remote exploits, with CVE-2025-30012 hitting a perfect 10.0 on the CVSS Richter scale. If you’re running SAP SRM or related legacy solutions, now’s not the time to delay patching. The White House and State Department aren’t sleeping, either. They issued advisories on the rapid rise of AI-driven impersonation attempts, including deepfakes crafted to mimic Secretary of State Marco Rubio, targeting foreign dignitaries and US officials. Th This content was created in partnership and with the help of Artificial Intelligence AI.

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Welcome, cyber sleuths and digital dragons, to another episode of Digital Dragon Watch: Weekly China Cyber Alert. I’m Ting, your go-to for all things China, cyber, and a dash of hacking wit, so let’s dive right in—because the world’s not pausing for your firewall to update. The big news this week: US authorities, in a rare display of cross-continental law enforcement, confirmed the arrest of infamous Chinese hacker Xu Zewei in Milan. Xu, age thirty-three, is accused of spearheading cyber espionage campaigns targeting COVID-19 research at US universities and orchestrating the notorious Hafnium attacks that compromised Microsoft Exchange servers everywhere from small businesses to global law firms. According to the Justice Department, Xu was a contract hacker for Shanghai Powerock Network, working directly for China’s Ministry of State Security via the Shanghai State Security Bureau. The charges are sprawling: conspiracy, wire fraud, unauthorized access—if there’s a cybercrime statute, Xu’s probably on it. His alleged partner-in-hack, Zhang Yu, remains on the loose, and the FBI wants tips. Meanwhile, China’s government loudly condemned the arrest, calling it “firmly opposed,” so expect those diplomatic cables to be extra encrypted this week. But the week wasn’t just about COVID heists and extradition drama. In Europe, France’s cybersecurity agency ANSSI dropped a bombshell about the China-linked ‘Houken’ group, which has been exploiting zero-day flaws in Ivanti Cloud Service Appliance devices to worm its way into sectors like government, telecom, media, and finance. Houken, linked with the infamous UNC5174 crew, uses a mix of cutting-edge zero-days and a grab bag of open-source Chinese hacking tools. Their latest stunt? Self-patching the holes they exploited—talk about cleaning up after your own break-in. Switching gears, Taiwan and China continued their digital cold war. Beijing accused Taipei of cyberattacks against tech firms in Guangzhou. In typical tit-for-tat, Taiwan’s National Security Bureau called the allegations disinformation, insisting this was another round of China’s digital intimidation. Also in the mix: concern over Chinese-owned apps like Douyin and Rednote possibly serving as Trojan horses for propaganda among Taiwan’s youth. Stateside, the SAP July Patch Tuesday brought urgent warnings as critical deserialization bugs—previously exploited by alleged China-nexus groups—were patched. The vulnerabilities allowed unauthenticated remote exploits, with CVE-2025-30012 hitting a perfect 10.0 on the CVSS Richter scale. If you’re running SAP SRM or related legacy solutions, now’s not the time to delay patching. The White House and State Department aren’t sleeping, either. They issued advisories on the rapid rise of AI-driven impersonation attempts, including deepfakes crafted to mimic Secretary of State Marco Rubio, targeting foreign dignitaries and US officials. Th This content was created in partnership and with the help of Artificial Intelligence AI.

NOW PLAYING

Xu Zewei Arrested: China's Hafnium Hacker Nabbed in Milan Sting!

0:00 5:07

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

No similar episodes found.

No similar podcasts found.

Frequently Asked Questions

How long is this episode of Digital Dragon Watch: Weekly China Cyber Alert?

This episode is 5 minutes long.

When was this Digital Dragon Watch: Weekly China Cyber Alert episode published?

This episode was published on July 8, 2025.

What is this episode about?

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Welcome, cyber sleuths and digital dragons, to another episode of Digital Dragon Watch: Weekly China Cyber Alert. I’m Ting, your go-to for all things China, cyber, and a dash of...

Can I download this Digital Dragon Watch: Weekly China Cyber Alert episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!