China Hack Report: Daily US Tech Defense

Xu Zewei Nabbed in Milan! COVID Hacks Exposed as US Seeks Extradition

This is your China Hack Report: Daily US Tech Defense podcast.

Hey listeners, Ting here, ready with your China Hack Report: Daily US Tech Defense for July 8, 2025. No fluff, just the critical scoop—let’s jump in!

First, the global headline: Xu Zewei, infamous for his ties to China’s Ministry of State Security, was just nabbed in Milan after a U.S. extradition request. Xu isn’t some small-time script kiddie—he allegedly ran massive campaigns with the Hafnium and Silk Typhoon groups, targeting U.S. COVID-19 research and Microsoft Exchange servers. According to the U.S. Department of Justice, Xu—along with his never-seen buddy Zhang Yu—stole sensitive COVID-19 data from American universities back in the chaotic spring of 2020, then pivoted to breach more than 60,000 Exchange servers in 2021. Most of these were run by small businesses who probably thought their passwords were safe. I’ll bet they’re changing their tune now.

If you’re in healthcare, higher ed, or running anything with an Exchange server, pause and check those logs—Xu admitted to breaching a Texas university network, accessing immunologists’ emails, and then reporting straight back to the MSS. Shanghai Powerock Network, his employer, is reportedly the hacker hub for this mischief. Zhang Yu, if you’re tuning in, the FBI would like a word. Meanwhile, big hats off to FBI Houston and the University of Texas Medical Branch for sounding the alarm.

But while Xu was trading travel miles for extradition points, another Chinese national, Zhu Ziwei, got stopped at Milan’s Malpensa Airport. Italian investigators say he’s linked to Silk Typhoon’s wild ride—a hacking spree targeting everything from infectious disease researchers to healthcare orgs. Best guess? Data for dollars and some high-stakes COVID vaccine espionage, circa 2020. The U.S. wants Zhu extradited too, but expect some diplomatic table-flipping from Beijing.

On the tech defense front, CISA isn’t sleeping. This week, they blasted out an emergency directive covering four actively exploited vulnerabilities—some so vintage I had to double-check the calendar. First up, CitrixBleed 2: Citrix NetScaler admins, you need that CVE-2025-5777 patch now. For everyone else, patch CVE-2014-3931, an ancient buffer overflow in Multi-Router Looking Glass, plus CVE-2016-10033 in PHPMailer, and CVE-2019-5418 in Ruby on Rails. Don’t forget the Zimbra SSRF flaw, CVE-2019-9621—Trend Micro says China-linked Earth Lusca has already been abusing it to drop web shells and launch Cobalt Strike. Agencies have until July 28 to patch, but why wait for the deadline when the malware’s already out?

Immediate recommendations from CISA: Patch now, strengthen insider threat detection (especially for privileged users), audit all email and collaboration systems, and make sure your zero trust posture isn’t just marketing lingo. And if your org runs critical infrastructure like utilities or banking, double up on monitoring as threat actors—including some with Brazilian ties—are ramping up access-for-sale schemes.

That wraps this whirlwind! Thank you for tuning in—be sure to subscribe for your daily fix of hacks, mischief, and defense tips. This has been a Quiet Please production; for more, check out quietplease.ai.

For more http://www.quietplease.ai
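The episode's advice for the CISA KEV items is "patch now" and "check those logs". As an added example (not from the episode, CISA, Trend Micro, or any vendor), here is a small Python scanner that runs over constructed web access-log lines and flags exploitation attempts for two of the listed CVEs, CVE-2019-5418 (Rails file disclosure through a path-traversal Accept header) and CVE-2019-9621 (Zimbra ProxyServlet SSRF through a target= parameter aimed at an internal host), plus a heuristic for the PHPMailer CVE-2016-10033 sender-address injection applied to a submitted form value. The log layout (combined format with the Accept header appended as a last quoted field), the sample lines, and the match patterns are all my assumptions and heuristics, not official detection signatures.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines (not real captures): Apache/nginx combined format
# with the request's Accept header logged as one extra quoted field at the end.
# This layout is an assumption; adjust LOG_RE if your log_format differs.
SAMPLE_LOG = """\
203.0.113.10 - - [08/Jul/2025:10:01:02 +0000] "GET /posts/1 HTTP/1.1" 200 512 "-" "Mozilla/5.0" "../../../../../../../../etc/passwd{{"
203.0.113.11 - - [08/Jul/2025:10:01:05 +0000] "GET /service/proxy?target=http://169.254.169.254/latest/meta-data/ HTTP/1.1" 200 318 "-" "curl/8.0" "*/*"
198.51.100.7 - - [08/Jul/2025:10:02:00 +0000] "GET /service/proxy?target=http://localhost:7071/service/admin/soap HTTP/1.1" 200 318 "-" "python-requests/2.31" "*/*"
198.51.100.9 - - [08/Jul/2025:10:03:00 +0000] "GET /posts/2 HTTP/1.1" 200 2048 "-" "Mozilla/5.0" "text/html,application/xhtml+xml"
198.51.100.9 - - [08/Jul/2025:10:03:30 +0000] "GET /service/proxy?target=https://docs.example.com/feed HTTP/1.1" 200 900 "-" "Mozilla/5.0" "*/*"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" '
    r'"(?P<ua>[^"]*)" "(?P<accept>[^"]*)"$'
)

# Hosts an SSRF payload typically aims at: loopback, link-local (cloud
# metadata) and RFC 1918 ranges. Extend for your own internal address plan.
INTERNAL_HOST_RE = re.compile(
    r"^(localhost|127\.\d+\.\d+\.\d+|0\.0\.0\.0|169\.254\.\d+\.\d+|10\.\d+\.\d+\.\d+|"
    r"192\.168\.\d+\.\d+|172\.(1[6-9]|2\d|3[01])\.\d+\.\d+|::1)$"
)


def parse_line(line):
    """Return the named fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def check_rails_cve_2019_5418(entry):
    """CVE-2019-5418: vulnerable Rails built a template path from the Accept
    header, so '../' (or its URL-encoded form) in Accept is a traversal
    attempt; the public proof of concept also appends '{{'."""
    accept = entry["accept"]
    if "../" in accept or "..%2f" in accept.lower():
        return f"path traversal in Accept header: {accept!r}"
    return None


def check_zimbra_cve_2019_9621(entry):
    """CVE-2019-9621: Zimbra's ProxyServlet (/service/proxy) fetches the URL
    in its target= parameter; a target on an internal host is an SSRF attempt."""
    url = urlsplit(entry["path"])
    if not url.path.endswith("/service/proxy"):
        return None
    for target in parse_qs(url.query).get("target", []):
        host = urlsplit(target).hostname or ""
        if INTERNAL_HOST_RE.match(host):
            return f"ProxyServlet target points at internal host {host!r}: {target}"
    return None


def suspicious_sender_address(address):
    """CVE-2016-10033 heuristic: PHPMailer passed the sender to sendmail via
    mail()'s extra-parameters argument, so a quoted local-part that smuggles a
    switch such as -X (write a log file) or -oQ (queue directory) exploits it.
    A legitimate address has no escaped quotes and no whitespace-separated
    '-x' tokens. Apply this to the submitted From/Sender form value."""
    return '\\"' in address or re.search(r"\s-[A-Za-z]", address) is not None


CHECKS = {
    "CVE-2019-5418": check_rails_cve_2019_5418,
    "CVE-2019-9621": check_zimbra_cve_2019_9621,
}


def scan(log_text):
    """Run every check over every parsable line; return one finding per hit."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if not entry:
            continue
        for cve, check in CHECKS.items():
            detail = check(entry)
            if detail:
                findings.append(
                    {"cve": cve, "ip": entry["ip"], "ts": entry["ts"], "detail": detail}
                )
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} {f['cve']}: {f['detail']}")
    print(suspicious_sender_address('"attacker\\" -oQ/tmp/ -X/var/www/cache/phpcode.php  some"@email.com'))
```

On the constructed sample the scanner reports the Rails traversal from 203.0.113.10 and two Zimbra SSRF attempts (one at the cloud metadata address, one at the local admin SOAP port on 7071) while passing the ordinary page view and the proxy request to an external documentation host. A hit on a host that has not been patched is a trigger for an incident review, not proof of compromise; confirm against the application's own logs and the response sizes.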


China Hack Report: Daily US Tech Defense, by Quiet. Please