{
	"id": "e51f8215-eb3a-4144-9f7b-5746e53e5c8f",
	"created_at": "2026-04-06T00:19:03.194556Z",
	"updated_at": "2026-04-10T03:35:48.413277Z",
	"deleted_at": null,
	"sha1_hash": "e38d39ab3018fe14df289058ecbad37fcc82a4f7",
	"title": "Alleged Chinese hacker tied to Silk Typhoon arrested for cyberespionage",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2396555,
	"plain_text": "Alleged Chinese hacker tied to Silk Typhoon arrested for cyberespionage\r\nBy Lawrence Abrams\r\nPublished: 2025-07-08 · Archived: 2026-04-05 21:23:31 UTC\r\nA Chinese national was arrested in Milan, Italy, last week for allegedly being linked to the state-sponsored Silk Typhoon\r\nhacking group, which is responsible for cyberattacks against American organizations and government agencies.\r\nAccording to Italian media ANSA, the 33-year-old man, Xu Zewei, was arrested at Milan's Malpensa Airport on July 3rd\r\nafter arriving on a flight from China. Italian police arrested the suspect on an international warrant from the U.S.\r\ngovernment.\r\nANSA reports that Xu is accused of being linked to the Chinese state-sponsored Silk Typhoon hacking group, aka\r\nHafnium, which has been responsible for a wide range of cyberespionage attacks against the U.S. and other countries.\r\nIn particular, Italian media reports that Xu is linked to the 2020 Silk Typhoon cyberattacks on infectious disease researchers\r\nand healthcare organizations, which aimed to steal data on anti-COVID vaccines.\r\n\"These actors have been observed attempting to identify and illicitly obtain valuable intellectual property (IP) and public\r\nhealth data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related\r\nresearch,\" read the joint advisory.\r\nThe hacking group has also been linked to more recent cyberespionage campaigns, including those on the U.S. Treasury's\r\nOffice of Foreign Assets Control (OFAC) and the Committee on Foreign Investment.\r\nIn March, Microsoft reported that Silk Typhoon had begun targeting remote management tools and cloud services in supply\r\nchain attacks to gain access to downstream customers' networks.\r\nXu is currently being held in Busto Arsizio prison with the U.S. seeking extradition to face trial in the States.\r\nSource: https://www.bleepingcomputer.com/news/security/alleged-chinese-hacker-tied-to-silk-typhoon-arrested-for-cyberespionage/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/alleged-chinese-hacker-tied-to-silk-typhoon-arrested-for-cyberespionage/"
	],
	"report_names": [
		"alleged-chinese-hacker-tied-to-silk-typhoon-arrested-for-cyberespionage"
	],
	"threat_actors": [
		{
			"id": "7c969685-459b-4c93-a788-74108eab6f47",
			"created_at": "2023-01-06T13:46:39.189751Z",
			"updated_at": "2026-04-10T02:00:03.241102Z",
			"deleted_at": null,
			"main_name": "HAFNIUM",
			"aliases": [
				"Red Dev 13",
				"Silk Typhoon",
				"MURKY PANDA",
				"ATK233",
				"G0125",
				"Operation Exchange Marauder"
			],
			"source_name": "MISPGALAXY:HAFNIUM",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "2704d770-43b4-4bc4-8a5a-05df87416848",
			"created_at": "2022-10-25T15:50:23.306305Z",
			"updated_at": "2026-04-10T02:00:05.296581Z",
			"deleted_at": null,
			"main_name": "HAFNIUM",
			"aliases": [
				"HAFNIUM",
				"Operation Exchange Marauder",
				"Silk Typhoon"
			],
			"source_name": "MITRE:HAFNIUM",
			"tools": [
				"Tarrask",
				"ASPXSpy",
				"Impacket",
				"PsExec",
				"China Chopper"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "529c1ae9-4579-4245-86a6-20f4563a695d",
			"created_at": "2022-10-25T16:07:23.702006Z",
			"updated_at": "2026-04-10T02:00:04.71708Z",
			"deleted_at": null,
			"main_name": "Hafnium",
			"aliases": [
				"G0125",
				"Murky Panda",
				"Red Dev 13",
				"Silk Typhoon"
			],
			"source_name": "ETDA:Hafnium",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434743,
	"ts_updated_at": 1775792148,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e38d39ab3018fe14df289058ecbad37fcc82a4f7.pdf",
		"text": "https://archive.orkl.eu/e38d39ab3018fe14df289058ecbad37fcc82a4f7.txt",
		"img": "https://archive.orkl.eu/e38d39ab3018fe14df289058ecbad37fcc82a4f7.jpg"
	}
}