Industrial Espionage and International Justice: The Arrest of Xu Zewei Exposes Ongoing Threats to Critical Research
Bottom Line Up Front: The arrest of Chinese national Xu Zewei in Italy for alleged COVID vaccine espionage highlights the persistent threat of state-sponsored industrial espionage targeting critical U.S. research, demonstrating both the international scope of these operations and the effectiveness of cross-border law enforcement cooperation.
The arrest of a Chinese national at Milan's Malpensa airport last week has thrust international industrial espionage back into the spotlight, revealing the ongoing vulnerabilities of critical medical research and the complex web of international cooperation required to combat modern cyber threats.
The Arrest: A Multi-Year Investigation Culminates
Italian police arrested 33-year-old Xu Zewei from Shanghai after he arrived at Milan's Malpensa airport on a U.S. arrest warrant as part of an FBI investigation. U.S. authorities allege that he was part of a team of hackers who tried to access a COVID vaccine being developed by the University of Texas in 2020.
The timing of Xu's arrest suggests law enforcement agencies have been building their case for years since the alleged 2020 cyber intrusion. The charges listed on the U.S. arrest warrant include wire fraud and aggravated identity theft, conspiracy to commit wire fraud, and unauthorized access to protected computers. Xu faces an extradition hearing in Milan, where Italian courts will determine whether he should be sent to the United States to face trial.
The arrest represents a significant victory for international law enforcement cooperation. That Italian authorities were able to apprehend Xu on a U.S. warrant demonstrates the increasingly coordinated global response to cyber espionage, particularly when it targets critical infrastructure and research.
COVID-19: A Prime Target for Nation-State Espionage
The COVID-19 pandemic created an unprecedented environment for cyber espionage as nations raced to develop vaccines and treatments. Throughout 2020, APT29 has targeted various organisations involved in COVID-19 vaccine development in Canada, the United States and the United Kingdom, highly likely with the intention of stealing information and intellectual property relating to the development and testing of COVID-19 vaccines.
The value of COVID vaccine research made it an irresistible target for state-sponsored hackers. A viable vaccine is a very valuable piece of intellectual property. Beyond the pharmaceutical formula itself, even data on testing and drug trials can be valuable to an organization working to develop its own drug.
Multiple nations targeted vaccine research during the pandemic. Russian cyber-espionage group APT29 has been accused of trying to steal research from organizations hunting for a COVID-19 vaccine, while North Korean cyber attackers reportedly targeted the vaccine maker AstraZeneca in the UK. They apparently used spear phishing via social media to try to inject malware by way of job description documents.
The scale of these attacks was extraordinary. A malicious cyber actor was using a variety of tools and techniques to target organizations involved in COVID-19 research and vaccine development, including the SOREFANG, WELLMESS, and WELLMAIL malware families.
The Broader Context: China's Industrial Espionage Campaign
Xu's arrest fits into a much larger pattern of Chinese industrial espionage that has cost the American economy hundreds of billions of dollars annually. About 80 percent of all economic espionage prosecutions brought by the U.S. Department of Justice (DOJ) allege conduct that would benefit the Chinese state, and there is at least some nexus to China in around 60 percent of all trade secret theft cases.
The FBI has characterized the scope of Chinese espionage as unprecedented. Even as we speak, the FBI has about 1,000 investigations involving China's attempted theft of U.S.-based technology, in all 56 of our field offices, spanning almost every industry and sector. The targets are remarkably diverse: The Chinese have targeted companies producing everything from proprietary rice and corn seeds to software for wind turbines to high-end medical devices.
Recent years have seen a surge in enforcement actions. The FBI is now opening a new China-related counterintelligence case every 10 hours. Of the nearly 5,000 active counterintelligence cases currently under way across the country, almost half are related to China.
The methods employed by Chinese intelligence services have evolved significantly. The Chinese are using an expanding set of non-traditional methods—both lawful and unlawful—blending things like foreign investments and corporate acquisitions with things like cyber intrusions and espionage by corporate insiders.
Recent Escalation: A Pattern of Aggressive Activity
The arrest comes amid a period of heightened Chinese espionage activity targeting U.S. interests. In 2025 alone, multiple high-profile cases have emerged involving Chinese nationals accused of stealing sensitive information.
In January 2025, John Harold Rogers was indicted and arrested for alleged conspiracy to steal Federal Reserve trade secrets for the Chinese government. Rogers had been a senior advisor in the Federal Reserve Board of Governors' division of international finance from 2010 until 2021.
On March 6, 2025, Jian Zhao and Li Tian, both active-duty U.S. Army soldiers, along with Ruoyu Duan, a former U.S. Army soldier, were arrested. Tian and Duan were charged with conspiring to commit bribery and theft of government property, specifically U.S. military information.
The telecommunications sector has been particularly targeted. In late 2024, the White House disclosed details of a massive Chinese hacking campaign that had infiltrated at least eight U.S. telecom companies. This campaign, described as one of the largest hacks on American telecommunications firms, allowed Chinese officials access to private texts and phone conversations.
Academic and Research Vulnerabilities
Universities and research institutions remain prime targets for Chinese espionage operations. In 2024, five Shanghai Jiao Tong University students who participated in an exchange program with the University of Michigan were charged with espionage-related offenses after being caught during exercises at Camp Grayling that included Taiwanese forces.
This incident led to broader institutional responses: in January 2025, the University of Michigan ended its partnership with Shanghai Jiao Tong University. This closely followed the termination, by the US partner, of other relationships between US and Chinese universities, notably between Georgia Tech and Tianjin University and between UC Berkeley and Tsinghua University, both in 2024-25.
The Economic and Strategic Stakes
The financial impact of Chinese industrial espionage is staggering. Chinese industrial espionage has cost the U.S. economy between $225 billion and $600 billion annually, targeting critical industries such as aerospace, telecommunications, and renewable energy.
This theft serves multiple strategic purposes beyond immediate economic gain. China has sought to advance its technological and industrial capabilities to leapfrog development stages, thereby enhancing its global competitive standing without the extensive research and development costs incurred by Western nations. This approach is part of a broader national strategy to achieve "Made in China 2025," an initiative aimed at elevating China to a global leader in high-tech industries.
International Cooperation and Response
The successful arrest of Xu Zewei demonstrates the importance of international law enforcement cooperation in combating cyber espionage. Italian authorities' swift action on the U.S. arrest warrant shows how allied nations are working together to address these threats.
However, challenges remain significant. The Chinese government is clearly taking the long view here—and that's an understatement. They've made the long view an art form. They're calculating. They're persistent. They're patient.
The arrest also highlights the global nature of modern espionage operations. Criminal actors can operate across multiple jurisdictions, requiring coordinated international responses to effectively combat their activities.
Technology Sector Implications
The targeting of COVID vaccine research reflects broader concerns about protecting critical technologies and research. Chinese cyber-attacks seem to target strategic industries in which China lags; attacks on defense companies target weapons-systems information, and attacks on technology companies seek source code critical to software applications.
In July 2024, Mandiant reported a major resurgence in malware attacks by APT41, a notorious hacking group backed by the Chinese government. The group was found targeting organizations in the shipping, logistics, technology, and automotive industries across Europe and Asia.
Looking Forward: Lessons and Challenges
Xu Zewei's case offers several important lessons for protecting critical research and intellectual property:
International Coordination Works: The successful arrest demonstrates that international law enforcement cooperation can effectively target cybercriminals operating across borders.
Persistent Threats Require Persistent Vigilance: The multi-year timeline from the alleged 2020 attacks to Xu's 2025 arrest shows that these investigations take time, but authorities are committed to pursuing accountability.
Critical Research Needs Enhanced Protection: The targeting of COVID vaccine research during a global pandemic shows that no research is too sensitive or too important to be immune from espionage attempts.
Academic Vulnerabilities: Universities and research institutions need better security protocols and awareness of the risks posed by international collaborations with entities that may have connections to foreign intelligence services.
Conclusion
The arrest of Xu Zewei represents both a victory for international law enforcement and a sobering reminder of the persistent threats facing critical U.S. research and technology. As cyber espionage continues to evolve and expand, the case underscores the need for robust international cooperation, enhanced cybersecurity measures, and sustained vigilance to protect the intellectual property and research that drive innovation and national security.
The upcoming extradition proceedings will test the strength of the FBI's case and may provide further insights into the scope and methods of the alleged espionage operation. Regardless of the outcome, Xu's arrest sends a clear message that the international community is committed to pursuing accountability for cyber espionage, even when it crosses multiple borders and involves years-long investigations.
As nations continue to compete for technological advantage, protecting critical research while maintaining the openness that drives innovation remains one of the most significant challenges of our time. The Xu Zewei case offers a window into this ongoing struggle and the complex international efforts required to address it.