A Chinese national was arrested in Milan, Italy, last week for allegedly being linked to the state-sponsored Silk Typhoon hacking group, which responsible for cyberattacks against American organizations and government agencies.
According to Italian media ANSA, the 33-year-old man, Xu Zewei, was arrested at Milan’s Malpensa Airport on July 3rd after arriving on a flight from China. Italian police arrested the suspect on an international warrant from the U.S. government.
ANSA reports that Xu is accused of being linked to the Chinese state-sponsored Silk Typhoon hacking group, aka Hafnium, which has been responsible for a wide range of cyberespionage attacks against the U.S. and other countries.
In particular, Italian media reports that Xu is linked to the 2020 Silk Typhoon cyberattacks on infectious disease researchers and healthcare organizations, which aimed to steal data on anti-COVID vaccines.
“These actors have been observed attempting to identify and illicitly obtain valuable intellectual property (IP) and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research,” read the joint advisory.
The hacking group has also been linked to more recent cyberespionage campaigns, including those on the U.S. Treasury’s Office of Foreign Assets Control (OFAC) and the Committee on Foreign Investment.
In March, Microsoft reported that Silk Typhoon had begun targeting remote management tools and cloud services in supply chain attacks to gain access to downstream customers’ networks.
Xu is currently being held in Busto Arsizio prison with the U.S. seeking extradition to face trial in the States.
While cloud attacks may be growing more sophisticated, attackers still succeed with surprisingly simple techniques.
Drawing from Wiz’s detections across thousands of organizations, this report reveals 8 key techniques used by cloud-fluent threat actors.
