China-sponsored hacker stole COVID data from top US universities, labs: feds

New York Post, 08-07-2025
A Chinese national hacked into the computers of major US universities and research labs to steal COVID-19 data as part of a government-sponsored cyberattack during the pandemic, federal prosecutors said Tuesday.
'While the world was reeling from a virus that originated in China, the Chinese government plotted to steal US research critical to vaccine development,' FBI Houston Special Agent in Charge Douglas Williams said in a statement released Tuesday.
Suspect Zewei Xu, 33, infiltrated American research facilities as an agent for China's Ministry of State Security and the Shanghai State Security Bureau to pilfer the information on the virus and vaccines over nearly two years, prosecutors in the District Attorney's Office in the Southern District of Texas said in the release.
Xu, who had been on the run since 2023, was recently nabbed by the FBI and international authorities in Milan, Italy, after getting off a plane from China and is facing extradition to the US, prosecutors said.
'[Xu's] landmark arrest by FBI Houston agents in Italy proves that we will scour the ends of the Earth to hold criminal foreign adversaries accountable,' Williams said.
According to a newly unsealed indictment, Xu and accused 44-year-old cohort Yu Zhang, who remains on the run, were part of a Chinese-sponsored covert plot to steal US data on COVID-19 research between February 2020 and June 2021.
The pair were part of a coordinated Chinese cyberattack on various US industries that was identified and exposed by Microsoft in 2021 and is publicly known as 'Hafnium.'
In early 2020, Xu and his accomplice allegedly targeted universities in Texas and elsewhere, as well as leading immunologists and virologists who were working on COVID vaccines.
On Feb. 19, 2020, he allegedly contacted his Chinese handlers to report that he had compromised the network of one Texas facility. He was told to 'access specific email accounts belonging to virologists and immunologists engaged in COVID-19 research,' prosecutors said.
On Feb. 28, 2021, the feds said Xu informed the Shanghai State Security Bureau about his 'successful intrusions' into the school's database and was told to get data on other operations, too.
Xu and Zhang were indicted on wire fraud conspiracy and related federal hacking charges in November 2023, with the charges remaining sealed until Xu's arrest in Italy.
'The Southern District of Texas has been waiting years to bring Xu to justice, and that day is nearly at hand,' district US Attorney Nicholas Ganjei said in a statement. 'As this case shows, even if it takes years we will track hackers down and make them answer for their crimes.
'The United States does not forget.'