Man accused in China-linked hacks extradited to U.S.

April 28, 2026

Summary

Xu Zewei was extradited from Italy to the U.S. and pleaded not guilty to charges tied to China-linked cyberattacks.

Why this matters

The case is part of a long-running U.S. effort to prosecute people accused of carrying out cyberattacks linked to the Chinese government. It also underscores the scale of the Microsoft Exchange breaches and the use of extradition in such cases.

A man accused of carrying out cyberattacks on behalf of the Chinese government was extradited to the United States and could face more than a decade in prison if convicted.

The U.S. Justice Department last year accused Xu Zewei of working as a contractor for China’s Ministry of State Security in a series of cyberattacks. Prosecutors alleged that Xu and co-conspirator Zhang Yu targeted several U.S. universities in early 2020 to steal COVID-19 pandemic-related research.

They also allegedly hacked thousands of email servers running Microsoft Exchange beginning in March 2021 as part of a campaign that U.S. authorities attributed to a China-backed hacking group known as Hafnium, later Silk Typhoon.

Xu was arrested in Italy last year at the request of U.S. authorities. His lawyer in Italy, Simona Candido, said Xu was extradited to the United States on Saturday and is being held in Houston. The Federal Bureau of Prisons website listed a man with the same name at the Federal Detention Center in Houston.

After the story was published, the Justice Department announced Xu’s extradition in a press release.

When it first announced the charges, the Justice Department said Xu worked for Shanghai Powerock Network, a Chinese company that prosecutors said “conducted hacking” for Beijing. Prosecutors alleged that Xu and other hackers reported their activities directly to Chinese state officials in Shanghai.

The Justice Department said Xu and Zhang were part of Hafnium, which allegedly exploited previously undiscovered security flaws in Microsoft Exchange servers to target American organizations including defense contractors, law firms, think tanks, and infectious disease researchers.

In 2022, Yanjun Xu was sentenced to 20 years in prison in what the Justice Department said was the first case in which a Chinese government intelligence officer had been extradited to the United States.

More top news

Business, Tech & Artificial Intelligence

Amazon adds AI audio Q&A to product pages

The feature expands Amazon’s AI shopping tools, which also include Rufus, a generative artificial intelligence assistant for product research and comparisons, Interests, which tracks items based on shopper preferences, and “Help me decide,” which recommends products using a person’s searches, browsing, and shopping history.

Full story +

Amazon launched a new artificial intelligence feature Tuesday that lets shoppers ask questions about products and receive conversational audio responses generated in real time.

The feature, called “Join the chat,” is intended to help customers get product details without scrolling through descriptions or reviews. Amazon said the tool draws on product features, customer feedback, and other information. Shoppers can ask questions such as whether a coffee maker is suitable for beginners or whether a sweater feels itchy based on reviews.

Amazon said the feature builds on earlier responses to make answers more relevant and avoid repetition. The company said it is designed to resemble a conversation with a store employee.

To use it, customers open a product page in the app and tap the “Hear the highlights” button below the product image. They can then listen to a summary or tap the “Join the chat” icon to ask questions by text or voice. The audio can continue playing while users browse.
Business, Finance & Markets

Robinhood shares fall after Q1 misses estimates

Net revenue increased 15% from the first quarter of last year to $1.07 billion.

Full story +

Robinhood shares fell about 10% in premarket trading Wednesday after the company said first-quarter profit and revenue missed Wall Street estimates.

The financial app provider said Tuesday that profit rose 3% from a year earlier to $346 million, or $0.38 per share.

Analysts expected profit of $382 million, or $0.42 per share, and net revenue of $1.14 billion, according to Bloomberg data.

Fees from crypto trades, a major source of Robinhood revenue, fell 47% from a year earlier. The company said the decline was driven by a broader downturn in digital assets that began late last year and worsened through early February. The figure also came in slightly below analysts’ expectations.

“I can’t tell you what the price is going to be in three months. You know, [the] price moves up and down, but what I can tell you is crypto as technology infrastructure is going to be big and we’re investing,” Robinhood CEO Vlad Tenev said on Tuesday’s earnings call when asked about the outlook for digital assets.
Asia

Indonesia tries 4 soldiers in acid attack case

The attack took place March 12 in Jakarta, when Yunus, a deputy coordinator at the Commission for Missing Persons and Victims of Violence, or KontraS, was riding a motorbike. Two men on another motorbike threw acid at him.

Full story +

A military court in Jakarta opened trial proceedings Wednesday for four Indonesian soldiers accused of carrying out an acid attack on activist Andrie Yunus, who had campaigned against expanding the armed forces’ role in government.

Military prosecutors charged Edi Sudarko, Budi Hariyanto Widhi Cahyono, Nandala Dwi Prasetia, and Sami Lakka with serious premeditated assault, which carries a maximum sentence of 12 years under Indonesia’s criminal code.

The defendants appeared in court in military fatigues and were represented by military-appointed lawyers. A defense lawyer said they would not dispute the indictment, allowing the trial to proceed.

Military prosecutor Mohammad Iswadi said Yunus, 27, suffered burns to more than 20% of his face and body and lost sight in one eye.

Police initially identified two other suspects from CCTV footage, but authorities later arrested four others. All four worked for the Indonesian military’s Strategic Intelligence Agency. Its chief later resigned, though no reason was given.

Iswadi said the group was angered by Yunus’ activism, but was not acting under official orders. At the time of the attack, Yunus had just recorded a podcast criticizing what he described as the militarization of government under President Prabowo Subianto, a former general.

Yunus had also protested a parliamentary amendment ratified last year that allowed active-duty military personnel to be appointed to a broader range of government posts, including the attorney general’s office, national disaster mitigation, and the counterterrorism agency.

Rights groups said the change increased military involvement in public affairs and could lead to abuses of power and human rights violations.

Indonesia’s human rights commission, Komnas HAM, has separately said at least 14 people were linked to the attack. The commission warned the incident “could lead to fear among civilians to criticise government officials.”

According to Iswadi, the four men planned the attack at military lodgings in Jakarta. One obtained “rust removal fluid” from a military workshop and mixed it with battery fluid before the group searched for Yunus on motorbikes.
Africa

Mali ruler appears after attacks, vows response

Islamic State in the Sahel Province and JNIM have fought each other for years. Since 2019, the two groups have clashed hundreds of times, killing more than 2,100 people.

Full story +

Mali military leader Assimi Goita appeared publicly Tuesday for the first time since coordinated attacks over the weekend, saying in a televised address that authorities would continue operations until the “complete neutralisation of the groups involved.”

Goita said “the situation is under control” after attacks Saturday by Jama’at Nusrat al-Islam wal-Muslimin, West Africa’s al-Qaida affiliate, and a Tuareg-led separatist group. The attacks hit Mali’s main army base and the area near Bamako’s airport, and pushed Russian troops supporting government forces out of Kidal in northern Mali.

Mali’s Defense Minister Sadio Camara was killed in the attacks. Goita’s office published photos Tuesday of him meeting Russian Ambassador Igor Gromyko and said the two men discussed “the current situation and the strong partnership between Bamako and Moscow.” The office said Gromyko “reaffirmed his country’s commitment to supporting Mali in the fight against international terrorism.”

In a video message distributed Tuesday, JNIM spokesperson Bina Diarra said the attacks were revenge for drone strikes and other attacks by Malian forces. He also threatened Bamako, saying, “As of today, Bamako is closed off from all sides.” JNIM imposed a fuel blockade on Bamako last year, though it had eased before Saturday’s attacks.

Russia’s Defense Ministry said Tuesday that jihadi and separatist forces were regrouping after Moscow’s troops helped stop what it described as a coup attempt on Saturday, including efforts to seize the presidential palace. The ministry said Russian forces were conducting reconnaissance to destroy insurgent camps and were prepared to respond to further attacks.
Asia

South Korea court gives Yoon 7 years in prison

The sentence added to the life term Yoon had already received on rebellion charges related to the same period. Yoon has appealed that sentence.

Full story +

A South Korean appeals court on Wednesday sentenced ousted President Yoon Suk Yeol to seven years in prison for obstruction of justice and related charges tied to his resisting arrest and the Cabinet process before his brief martial law declaration in December 2024.

Judge Yoon Sung-sik of the Seoul High Court said Yoon bypassed a legally required full Cabinet meeting before declaring martial law, falsified documents to conceal that lapse, and used security officials “like a private army” to resist law enforcement efforts to arrest him after his impeachment. Yoon stood quietly as the verdict was delivered and made no comment.

Yoo Jeong-hwa, one of Yoon’s lawyers, called the ruling “very disappointing” and said the legal team would appeal to the Supreme Court.

A lower court in January sentenced Yoon to five years in prison, but partly acquitted him of abuse-of-power charges tied to the Cabinet meeting, ruling he was not responsible for the absence of two invited members.

The Seoul High Court reversed that acquittal, finding him guilty on all counts. It ruled that he violated the rights of those two members and seven others who were not notified by convening only a limited group to resemble a formal meeting.

Yoon’s Dec. 3, 2024, martial law decree triggered a political crisis that disrupted domestic politics, senior-level diplomacy, and financial markets. He was suspended from office on Dec. 14, 2024, after the liberal-led legislature impeached him, and the Constitutional Court removed him from office in April 2025. The political turmoil eased after liberal rival Lee Jae Myung won an early presidential election in June.

After his suspension, Yoon refused to comply with a Seoul court warrant for questioning. In early January 2025, dozens of investigators who went to the presidential residence were blocked by presidential security forces and vehicle barricades. He was detained later that month, released by another court in March, and re-arrested in July.

He remained in custody as multiple criminal trials continued.

The ruling came a day after the same court increased to four years the sentence for Yoon’s wife, Kim Keon Hee, on charges including accepting luxury gifts from the Unification Church, which sought political favors from Yoon’s government, and involvement in a stock price manipulation scheme.

In a separate trial last week, prosecutors requested a 30-year prison term for Yoon over allegations that he tried to escalate tensions with North Korea in 2024 by ordering drone flights over Pyongyang to create conditions for martial law at home.
China

Chinese research vessel leaves waters near Japan

The vessel was seen extending wire-like objects from its sides and stern until April 17, but remained in the area for about another week and a half.

Full story +

A Chinese research vessel that operated for nearly two weeks in waters near Japan’s southwestern islands left the area early Wednesday, the third such case in the past month, according to Japan’s coast guard.

The vessel, Kexue, was first spotted at 12:30 p.m. April 15 about 45 miles north of Ishigaki Island and about 170 miles east of Taiwan, according to a coast guard release. It left the area and sailed west at 12:22 a.m. Wednesday, the coast guard said.

The coast guard repeatedly radioed the vessel during its stay and told it that “scientific oceanographic research without Japan’s consent is unacceptable,” according to the Wednesday release.

Kexue belongs to the Chinese Academy of Sciences’ Institute of Oceanology, according to the institute’s website. It is equipped with deep-sea, seabed, water column, and atmospheric detection systems.

The sighting followed two others in the Nansei region, which stretches from Kyushu to Taiwan.

A spokesman said it is “not abnormal” to spot three Chinese research vessels near Japanese islands within a month, but declined further comment.

In October 2023, Japan lodged diplomatic protests with Beijing after a Chinese research vessel was spotted apparently conducting a survey about 80 miles northeast of Taisho Island, another Senkaku island.
US Politics

Supreme Court to hear TPS cases on Haiti, Syria

Advocates said ending TPS for Haiti and Syria could affect about 350,000 people and potentially shape future decisions involving roughly 1.3 million TPS holders from 17 countries, including Afghanistan, El Salvador, Ethiopia, Honduras, Nepal, Somalia, Sudan, Ukraine, Venezuela, and Yemen.

Full story +

The U.S. Supreme Court will hear oral arguments Wednesday on whether the Trump administration can end Temporary Protected Status, or TPS, for immigrants from Haiti and Syria, a case that legal advocates and immigration lawyers said could affect the program more broadly.

The cases, Mullin v. Dahlia Doe and Trump v. Miot, concern Haitian and Syrian nationals. The administration’s broader effort to reduce TPS protections began last year, when the court issued two orders affecting about 350,000 Venezuelans.

TPS, created by Congress in 1990 and moved to the Department of Homeland Security in 2002, allows people from countries facing armed conflict, natural disasters, or other crises to live and work legally in the United States.

Megan Hauptman, a litigation staff attorney at the International Refugee Assistance Project, say the key issue is whether courts can review TPS terminations. “President [Donald] Trump campaigned on ending TPS and has now terminated every designation that’s come up for renewal, regardless of the actual conditions,” she said. “[He] is now asking to make virtually all TBS decision-making unreviewable by the court system.”

Rosanna Berardi, managing partner of Berardi Immigration Law, said the court also appeared poised to weigh executive authority, whether the Department of Homeland Security followed required procedures, and whether TPS decisions are insulated from review as foreign policy or national security matters. “This case sits at the intersection of immigration, foreign policy and executive authority,” Berardi said.

Opponents of repeated TPS extensions said the program was intended to be temporary.

When the cases began last year, then-Homeland Security Secretary Kristi Noem cited “stable institutional governance” in Syria and said there were “no extraordinary and temporary conditions in Haiti that prevent Haitian nationals…from returning in safety.” Hauptman disputed that assessment, citing State Department travel advisories warning against travel to both countries.

The court will hear the dispute after the House voted 224-204 on April 16 to pass H.R. 1689, introduced by Reps. Ayanna Pressley, D-Mass., and Laura Gillen, D-N.Y., to extend TPS for Haitians through 2029. The bill faces long odds in the Republican-controlled Senate, and the White House has issued a veto threat.
Business, Finance & Markets

Coca-Cola profit rises, CEO flags consumer strain

Coca-Cola reported net income of $3.92 billion, or $0.91 per share, up from $3.33 billion, or $0.77 per share, a year earlier. Net revenue was $12.47 billion, above the $12.24 billion estimate.

Full story +

Coca-Cola reported first-quarter results above Wall Street estimates, while Chief Executive Henrique Braun said some consumers remained under pressure from inflation, economic uncertainty, and conflict in the Middle East.

“While many consumers remained resilient, others are under pressure due to persistent inflation, greater macroeconomic uncertainty, and volatilities driven by the conflict in the Middle East,” Braun said on the company’s earnings call.

Organic revenue, which excludes acquisitions, divestitures, and currency changes, rose 10% in the quarter. Volume increased 3% globally, with all operating segments reporting growth, including a 4% gain in North America.

Braun said Coca-Cola had continued to offer smaller pack sizes, value pricing, and targeted promotions to retain price-sensitive shoppers. Premium brands including Fairlife and Smartwater continued to grow.

One weaker area was juice, dairy, and plant-based drinks, where volume fell 1%. The company said strong Fairlife performance did not fully offset the effect of selling its finished-goods operations in Nigeria last year. In the Middle East, sales weakened in March after the U.S.-Iran conflict began.

For 2026, Coca-Cola raised its adjusted earnings per share growth forecast to 8% to 9%, from 7% to 8%, citing a lower-than-expected effective tax rate of 19.9%. It maintained its organic revenue growth forecast of 4% to 5%.

The company said cost pressures, particularly in tea and coffee commodities, were “manageable at this time,” though Braun said geopolitical developments could affect that outlook. Coca-Cola said it had less direct exposure to higher aluminum and plastic costs than its bottling partners.

The pending sale of Coca-Cola Beverages Africa, expected to close in the second half of 2026, is also expected to improve margins by removing a lower-margin bottling business from its results. Shares were up 6% after the earnings report.
US Politics

Senate blocks measure limiting Trump action on Cuba

Republicans said the vote was unnecessary because there are no active U.S. hostilities against Cuba.

Full story +

The U.S. Senate on Tuesday blocked a resolution that would have required President Donald Trump to obtain congressional approval before ordering military action against Cuba.

The Republican-led Senate voted 51-47, largely along party lines, on a procedural measure that stopped the Democratic-led war powers resolution.

Sen. Rick Scott, a Florida Republican who introduced the point of order, said a war powers vote was not appropriate because Trump had not deployed troops against Havana.

Trump has threatened Cuba’s leadership several times in recent months and warned that “Cuba is next.” Most recently, he pledged “a new dawn for Cuba.”

Tuesday’s vote was the first on Cuba in this context. It came after Democrats repeatedly failed in both the Senate and House of Representatives to require Trump to seek congressional authorization for military operations.

The White House said Trump’s actions were within his rights and obligations as commander in chief to protect the United States.
Europe

Report: Paragon silent in Italy spyware probe

WhatsApp said Israeli American surveillance company Paragon provided the technology used in a hacking campaign that targeted about 90 people worldwide with its Graphite spyware.

Full story +

Paragon Solutions has not responded to an Italian request for information in a spyware investigation opened last year, according to Wired Italy.

In 2024, WhatsApp and Apple notified several people in Italy, including journalists and activists, that they had been targeted with government spyware.

The notifications prompted criminal complaints in Italy, and prosecutors in Rome and Naples opened an investigation. Wired Italy reported that prosecutors sent a formal request for information to Paragon through the Israeli government, but had not received a response a year later.

Paragon had previously said Italy rejected its offer to investigate whether a journalist was targeted with Graphite. The company later canceled its contract with Italy’s two intelligence agencies, the External Intelligence and Security Agency (AISE) and the Internal Intelligence and Security Agency (AISI), citing, in part, the government’s refusal to accept that offer.

Prime Minister Giorgia Meloni’s government has denied hacking Fanpage journalists Francesco Cancellato and Ciro Pellegrino, whose phones were targeted with Graphite.

Other victims in Italy included activists with Mediterranea Saving Humans, a nonprofit that rescues migrants crossing the Mediterranean.

In June 2024, the parliamentary committee overseeing Italy’s intelligence agencies said the targeting of the activists was lawful. It said it found no evidence that Cancellato was targeted, and it did not examine Pellegrino’s case.

In March, the prosecutors said a forensic examination of Cancellato’s phone confirmed it had been hacked. They said they could not reach the same conclusion after analyzing Pellegrino’s phone.