The United States captured a Chinese spy who stole data from COVID-19 research.

Xu Zewei, a 33-year-old Chinese citizen, was arrested in Italy at the request of the United States government, as part of an investigation into cyberattacks against U.S. research on COVID-19, the virus created by the Chinese regime in a laboratory in Wuhan.

Xu is a spy for the Chinese Communist Party (CCP) who is accused of hacking universities, as well as immunology and virology specialists dedicated to the development of vaccines, treatments, and tests against the virus, according to officials from the Department of Justice (DOJ).

Through an official statement, the DOJ indicated that the charges against Xu are part of a series of complaints that point to the alleged use, by the Chinese regime, of a network of private companies as a front to carry out cyber espionage activities, with the aim of obtaining confidential information without revealing state involvement.

The indictment also includes Zhang Yu, who is believed to be Xu's accomplice. Both were detained in Italy on July 3, according to the DOJ. The indictment includes nine charges and was filed in the Southern District of Texas court.

According to the indictment, Xu acted under the orders of the Shanghai State Security Bureau (MSS Shanghai State Security Bureau – SSSB), and the cyberattacks allegedly took place between February 2020 and June 2021.

In early 2020, during the expansion of the pandemic that originated in China, Xu and other cyber actors not identified by the Department of Justice attacked various U.S. universities with the intention of stealing "pioneering research" related to COVID-19, according to Brett Leatherman, deputy director of the FBI's Cyber Division.

These attacks allegedly exploited security flaws in Microsoft Exchange servers, as part of the global cyber espionage campaign known as "HAFNIUM," which compromised thousands of computer systems worldwide.

The investigation identifies Xu as an experienced hacker who, during the execution of these intrusions, worked for the company Shanghai Powerock Network Co. Ltd. (Powerock). Among the crimes attributed to him are wire fraud, unauthorized access to protected computer systems, intentional damage to computer equipment, and aggravated identity theft. The Department of Justice emphasized that Zhang Yu, who is also accused, remains at large.

In an official statement, the U.S. Attorney for the Southern District of Texas, Nicholas Ganjei, stated: "The indictment alleges that Xu hacked and stole crucial information about COVID-19 at the behest of the Chinese government, while that same government simultaneously concealed information about the virus and its origins."

Ganjei added that the U.S. Attorney's Office for the Southern District of Texas "has been waiting for years" to prosecute Xu. "That day is just around the corner. As this case demonstrates, even if it takes years, we'll track down hackers and hold them accountable for their crimes. The U.S. doesn't forget," he concluded.