A senior FBI official said on Thursday that China’s hack-for-hire environment has escalated into a system that enables cyber actors to claim plausible deniability, and emphasized that those actors remain vulnerable to arrest if they travel outside China.
FBI Assistant Director Brett Leatherman described the ecosystem as having "gotten out of control" and said protection that Chinese hackers receive "inside China does not extend the moment you cross a border." His remarks came in the wake of a recent extradition to the United States involving a Chinese national accused of taking part in government-directed hacking campaigns.
Authorities in the United States on April 27 announced the extradition of Xu Zewei, 34, to face allegations he participated in extensive intrusion campaigns in 2020 and 2021 while employed by a Chinese contractor and operating at the direction of the Chinese government. Xu was arrested in Milan in July 2025 and was transferred to the United States after an Italian court authorized his extradition.
U.S. prosecutors say Xu and several co-conspirators targeted U.S.-based universities and scientists - including immunologists and virologists working on COVID-19 vaccines, treatments, and testing. According to the Department of Justice, the efforts were reported by the hackers to the Chinese Ministry of State Security’s Shanghai State Security Bureau, and an officer within that bureau then instructed Xu to pursue particular email accounts belonging to virologists and immunologists.
The Department of Justice also said Xu and others exploited vulnerabilities in Microsoft Exchange Server as part of a broad campaign publicly tracked as "Hafnium." A senior DOJ official told reporters that the Hafnium activity included intrusions into law firms, where actors searched for information about U.S. policymakers and government agencies.
Diplomatic reactions were swift. The Chinese Embassy in Washington did not reply to a request for comment. Chinese Foreign Ministry Spokesperson Lin Jian said on April 27 that Beijing opposed what it described as Washington "fabricating charges through political manipulation," and urged the Italian government to "avoid becoming an accomplice of the U.S."
Lawyers listed as representing Xu did not immediately respond to a request for comment, according to U.S. officials.
Context and implications
Leatherman’s statement frames travel as a point of legal vulnerability for suspected state-affiliated cyber actors, underscoring that purported domestic protections may not prevent foreign law enforcement action. The extradition of a single suspect - the DOJ says 34-year-old Xu - illustrates the use of international legal mechanisms to pursue alleged participants in campaigns tied to the Chinese state, including operations that targeted academic and scientific research as well as legal institutions.
What remains uncertain
- How many additional individuals implicated in the campaigns remain outside jurisdictions where they are vulnerable to arrest.
- How courts in other countries will respond to future U.S. extradition requests tied to alleged state-directed cyber activity.
Officials continue to characterize the matter in legal and diplomatic terms, while defenders of those accused have not, as of the latest public statements, provided responses to the charges described by U.S. authorities.