Wednesday, July 9, 2025

Attorney General James Urges New Yorkers to Take Advantage of New “Click-to-Cancel” Rule

 

UPDATE: 
As a result of a recent decision by the Eighth Circuit, the FTC’s Click-to-Cancel rule will no longer go into effect on July 14.

New York Attorney General Letitia James reminded New Yorkers that the Federal Trade Commission’s (FTC) new “Click-to-Cancel” Rule will go into effect on July 14, making it easier for consumers to cancel subscriptions and other services that renew automatically. The rule requires companies to make cancellation at least as simple as enrollment and to allow consumers to cancel using the same method they used to sign up – either online, in person, or over the phone. When canceling a subscription online, the cancellation mechanism must be easy to find, and consumers cannot be forced to chat with an agent if they did not do so when they signed up.

“New Yorkers should never have to jump through hoops just to cancel an unwanted subscription,” said Attorney General James. “This new ‘Click-to-Cancel’ rule will protect consumers and ensure companies are operating fairly. I encourage anyone who has a difficult time canceling a subscription to report it to my office, and I will continue to make sure companies throughout our state are following the law.”

In addition to requiring simple cancellation, the Click-to-Cancel Rule requires companies to make sure that people know what they are agreeing to before they sign up for a subscription that renews automatically. Companies must also make sure that important information about the subscription is truthful, clear, and easy to find. Attorney General James encourages New Yorkers who experience issues canceling a subscription to contact her office by filing a complaint online.

Attorney General James consistently fights to protect New Yorkers from companies offering costly recurring subscriptions that are difficult to cancel. In May, Attorney General James secured $600,000 in penalties from Equinox and refunds for consumers for making it hard for New Yorkers to cancel their memberships. In November 2024, Attorney General James won a lawsuit to stop SiriusXM from trapping New York customers in unwanted subscriptions. In December 2023, Attorney General James secured $740,000 from the online mental health provider Cerebral for its burdensome cancellation process. In June 2023, Attorney General James led a bipartisan group of 26 state attorneys general in submitting a comment letter to the FTC in support of changes to its existing rule. Those changes resulted in the new Click-to-Cancel Rule.

OmegaPro Founder and Promoter Charged for Running Global $650M Foreign Exchange and Crypto Investment Scam

 

An indictment was unsealed in the District of Puerto Rico charging two men for their alleged roles in operating and promoting OmegaPro, an international investment scheme that defrauded victim investors of over $650 million.

According to court documents, Michael Shannon Sims, 48, of Georgia and Florida, was a founder, strategic consultant, and promoter of OmegaPro, and Juan Carlos Reynoso, 57, of New Jersey and Florida, led OmegaPro’s operations in Latin America and parts of the United States, including Puerto Rico.

“As alleged, the defendants preyed upon vulnerable individuals in the U.S. and abroad, defrauding them of over $650 million by making false promises of substantial returns and that their money was safe,” said Matthew R. Galeotti, Head of the Justice Department’s Criminal Division. “The Criminal Division is committed to prosecuting these bad actors and pursuing justice for their many victims. Thanks to the dedicated work of our multiagency and international law enforcement partners, we are leading efforts to combat these complex and insidious digital asset investor scams.”  

“As alleged in the indictment, the defendants operated a global fraud scheme through OmegaPro that deceived investors with false promises of extraordinary returns, only to misappropriate hundreds of millions of victim funds,” said U.S. Attorney W. Stephen Muldrow for the District of Puerto Rico. “We remain committed to dismantling international financial schemes that target U.S. victims — including here in Puerto Rico — and to recovering illicit proceeds through criminal prosecution and asset forfeiture.”

“The FBI will not stand by while the American public is defrauded,” said Assistant Director Joe Perez of the FBI Criminal Investigative Division. “Through coordination with our partners, these individuals will have to defend their actions in a court of law.”

“This case exposes the ruthless reality of modern financial crime,” said Chief Guy Ficco of the IRS Criminal Investigation (IRS-CI). “OmegaPro promised financial freedom but delivered financial ruin – stealing over $650 million from everyday people and vanishing it into virtual currency. These weren't just scams; they were precision-engineered betrayals. Our job is to stand up for those who've been exploited and continue our cross-agency collaboration until those responsible are brought to justice.”

“This case highlights the critical role international partnerships play in dismantling transnational financial fraud schemes that exploit global markets and victimize unsuspecting investors,” said International Operations Assistant Director Ricardo Mayoral of U.S. Immigration and Customs Enforcement Homeland Security Investigations (HSI). “HSI remains committed to working with our partners worldwide to disrupt criminal networks that weaponize emerging technologies to conceal illicit profits and defraud the public.”

Sims and co-conspirators established OmegaPro in or about January 2019, and Reynoso joined a few months later, in or about April 2019. As alleged, the defendants and others operated and promoted OmegaPro as a multi-level marketing (MLM) scheme for investors to purchase “investment packages,” which the defendants and others falsely promised would generate 300% returns over 16 months through foreign exchange (forex) trading by elite traders. Investors were instructed to purchase these investment packages using virtual currency.

According to court documents, Sims allegedly misled victims by vouching for OmegaPro’s trading performance and the skills of the hired traders and by falsely advertising the safety of investment in OmegaPro. Reynoso allegedly falsely and misleadingly represented that OmegaPro was operating pursuant to a legitimate license and, at other times, that OmegaPro was not subject to any country’s legal rules. The indictment alleges that Sims and Reynoso, together with co-conspirators, hosted lavish OmegaPro promotional events and trainings all over the world including, for example, projecting the OmegaPro logo onto the Burj Khalifa, the world’s tallest building, at an event in Dubai. The objective of these promotional events allegedly was to convince existing and prospective investors that OmegaPro was a legitimate enterprise that offered a path to wealth and a luxurious lifestyle.

Further, Sims, Reynoso, and their co-conspirators used social media to display their expensive vacations and cars, as well as their designer clothes and watches. The indictment alleges that through the defendants’ and others’ misrepresentations, OmegaPro raised over $650 million in virtual currency from thousands of investors. After OmegaPro announced that it had suffered a network hack, Reynoso and others told victims in or about January 2023 that their investments were secure and that OmegaPro was transferring their investments to another platform called Broker Group. Despite these representations, victims were unable to withdraw money from either their OmegaPro accounts or their accounts at Broker Group, resulting in millions in victim losses.

The more than $650 million in funds raised from victims allegedly was first sent to virtual currency wallet addresses controlled by OmegaPro executives and then allegedly transferred to OmegaPro insiders and high-ranking promoters to disperse the funds and obscure their origins. As alleged, Sims and Reynoso both profited millions from this scheme.

Both defendants are charged with one count of conspiracy to commit wire fraud and one count of conspiracy to commit money laundering. If convicted, Sims and Reynoso each face a maximum penalty of 20 years in prison on each count.

The FBI, IRS-CI, and HSI New York are investigating the case, with assistance from FBI’s Virtual Asset Unit, HSI Bangkok, HSI Bogota, HSI Frankfurt, HSI Istanbul, HSI London, HSI Miami, HSI New Delhi, HSI The Hague, the Office of the Attorney General of Colombia, and the Joint Chiefs of Global Tax Enforcement (J5), an alliance between the Australian Taxation Office, the Canada Revenue Agency, the Dutch Fiscal Intelligence and Investigation Service, His Majesty's Revenue and Customs from the U.K., and IRS-CI.

Trial Attorneys Ariel Glasner and Tamara Livshiz of the Criminal Division’s Fraud Section and Assistant U.S. Attorney Jonathan Gottfried for the District of Puerto Rico and on detail to the Computer Crime and Intellectual Property Section are prosecuting the case.

If you believe you were potentially victimized by OmegaPro or have information relevant to this investigation, please visit the FBI’s Victim Witness website at forms.fbi.gov/victims/omegaprovictims or contact OmegaProVictims@fbi.gov.

An indictment is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

DHS Releases Names of Worst of the Worst Convicted Criminal Illegal Aliens Detained at Guantanamo Bay

 

Pedophiles, murderers, kidnappers, and other violent criminals are being held at the military facility

The Department of Homeland Security (DHS) released the names of some of the dangerous, criminal illegal aliens detained at Guantanamo Bay.

“We’re arresting criminal illegal aliens and getting them off America’s streets. Guantanamo Bay is holding the worst of the worst including child predators, rapists and murderers,” said Assistant Secretary Tricia McLaughlin. “Whether it is CECOT, Alligator Alcatraz, Guantanamo Bay or another detention facility, these dangerous criminals will not be allowed to terrorize U.S. citizens. President Trump and Secretary Noem are using every tool available to get criminal illegal aliens off our streets and out of our country. Our message is clear: Criminals are not welcome in the United States.”

Below are examples of nearly 30 high-threat violent criminal illegal aliens that have committed heinous crimes and are detained at Guantanamo Bay. These dangerous illegal aliens are convicted criminals with final orders of removal from an immigration judge.

  • Olma Juarez-Mendez, an illegal alien from Guatemala, has been convicted of domestic abuse.
  • Hung Vo, an illegal alien from Vietnam, has been convicted of robbery with a weapon.
  • Quan Phung, an illegal alien from Vietnam, has been convicted of aggravated assault with a weapon.
  • Andis Noe Cortes Zepeda, an illegal alien from Honduras, has been convicted of sexual assault.
  • Antonio Erazo-Ramos, an illegal alien from Honduras, has been convicted of assault.
  • Xiang Liu, an illegal alien from China, has been convicted of robbery.
  • Jin Feng Lu, an illegal alien from China, has been convicted of homicide.
  • Hieu Tran, an illegal alien from Vietnam, has been convicted of robbery.
  • Shubham Singh, an illegal alien from India, has been convicted of child pornography.
  • Franklin Almendarez-Alvarez, an illegal alien from Honduras, has been convicted of lewd acts with a minor.
  • Ramiro Villanueva, an illegal alien from Colombia, has been convicted of smuggling cocaine.
  • Tien Minh Cao, an illegal alien from Vietnam, has been convicted of kidnapping.
  • Khang Huy Trang, an illegal alien from Vietnam, has been convicted of kidnapping for ransom.
  • Carlos Olivo Orellana, an illegal alien from El Salvador, has been convicted of lewd acts with a minor.
  • Wen Lin, an illegal alien from China, has been convicted of robbery.
  • Guillermo Gonzales-Tiul, an illegal alien from Guatemala, has been convicted of assault.
  • Yong Liang, an illegal alien from China, has been convicted of kidnapping.
  • Luis Fernando Ospina Tabarez, an illegal alien from Colombia, has been convicted of smuggling heroin.
  • Ilie Bogde, an illegal alien from Romania, has been convicted of robbery.
  • Jose Diego Pereira Valdez, an illegal alien from El Salvador, has been convicted of aggravated assault with a gun.
  • Larry Medina, an illegal alien from Venezuela, has been convicted of sexual assault.
  • Brayan Vasquez-Montero, an illegal alien from Colombia, has been convicted of aggravated assault with a weapon.
  • Nathaniel Akeen, an illegal alien from Liberia, has been convicted of robbery.
  • Eric Gresford Miller, an illegal alien from Jamaica, has been convicted of aggravated assault with a gun.
  • Nigel Tomlinson, an illegal alien from the United Kingdom, has been convicted of child sexual abuse.
  • Victor Bonilla-Alvarez, an illegal alien from El Salvador, has been convicted of trafficking weapons.

On January 29, 2025, President Donald J. Trump signed an executive order, Expanding Migrant Operations Center at Naval Station Guantanamo Bay to Full Capacity, directing Secretary Noem to expand the Migrant Operations Center at Naval Station Guantanamo Bay to provide additional detention space for high-priority criminal aliens illegally present in the United States.

Tuesday, July 8, 2025

Governor Hochul Announces New Regulations Now in Effect to Help New Yorkers Access Behavioral Health Treatment

Network Adequacy Standards Aimed at Improving Access to Mental Health and Substance Use Disorder Care

Regulations to Help Millions of New Yorkers Covered by Medicaid Managed Care, Child Health Plus, Essential Plan, and Commercial Health Insurance Plans

Enhanced Regulations to Make Mental Health Care More Affordable by Increasing Access to In-Network Care

Governor Kathy Hochul announced that new network adequacy regulations give New Yorkers with qualifying health insurance plans access to an initial outpatient appointment for behavioral health care within 10 business days of the request. These new consumer protections also require these plans to post up-to-date and accurate lists of in-network providers on their websites, which will help to eliminate inaccurate or misleading directories.

“New Yorkers in need of mental health or substance use disorder treatment should not be forced to wait months for essential care or to cover these costs themselves when their plan doesn’t include any available providers,” Governor Hochul said. “These new regulations will help remove barriers that often force individuals and families to pay out-of-pocket for care or forgo treatment altogether.”

As of July 1, New Yorkers covered by Medicaid Managed Care, Child Health Plus, and the Essential Plan are entitled to these important consumer protections for appointment wait times. For New Yorkers covered by commercial health insurance plans, these wait time standards will take effect on a rolling basis as their policies are renewed, modified, or purchased on and after July 1.

The regulations also require plans to have dedicated employees who can help their members find an in-network provider. Additionally, the plans must provide a list of available in-network providers within three business days, following a member’s request.

New Yorkers unsure of their coverage should contact their insurer or employer. Those needing mental health or substance use disorder services should also check their health insurance policies for a list of what is covered.

Plans must post an accurate and up-to-date directory of their provider network, including health care professionals or facilities, the provider’s location, telehealth options, languages spoken, any restrictions concerning the conditions treated or ages served, and facility affiliations, among other information. Accurate directories will help to eliminate so-called ‘ghost networks’ – ones that give the appearance of offering in-network options, but instead list inaccurate information or providers that aren’t taking appointments.

The new regulations also provide avenues for consumers to file a complaint against plans or insurers not in compliance. New Yorkers covered by Medicaid, Essential Plan, or Child Health Plus can contact DOH; those with state-regulated commercial insurance coverage may contact DFS. For more information about mental health and substance use disorder treatment coverage requirements and protections, visit here.

The Community Health Access to Addiction & Mental Healthcare Project or ‘CHAMP’ is a resource available to help people with insurance issues related to substance use disorder and mental health care. CHAMP can answer questions, help file complaints against insurance companies, and assist with insurance denial appeals.

Governor Hochul also secured $1 million in the FY 2026 Enacted State Budget to help enforce state regulations so that insurers provide the mental health care and substance use disorder coverage their members deserve. This includes new resources to strengthen compliance and oversight, educate consumers and providers, and investigate and mediate complaints.

Under Governor Hochul’s leadership, New York is leading the nation in requiring health insurers to cover behavioral health services and continues to develop tools to ensure these companies are following all applicable laws. The state now requires commercial insurers to reimburse covered outpatient mental health and substance use disorder services provided by in-network OMH- and OASAS-licensed facilities at no less than the Medicaid rate; and requires commercial and Medicaid health plans to use transparent, nonprofit clinical guidelines and cover all medically necessary treatments.

The 988 Suicide & Crisis Lifeline connects New Yorkers to trained crisis counselors 24/7, who can help anyone thinking about suicide, struggling with substance use, experiencing a mental health crisis, or any other kind of emotional distress. New Yorkers can call, text or chat 988 if they are worried about someone who may need crisis support.

New Yorkers struggling with an addiction, or whose loved ones are struggling, can find help and hope by calling the state’s toll-free, 24-hour, 7-day-a-week HOPEline at 1-877-8-HOPENY (1-877-846-7369) or by texting HOPENY (Short Code 467369). 

Attorney General James Urges DoorDash Delivery Workers to File Claims to Receive Funds from $16.75 Million Settlement


Eligible Drivers Must File Claims Online by September 30, 2025  

New York Attorney General Letitia James today urged current and former delivery workers who have received notice that they are eligible for the DoorDash settlement reached by the Office of the Attorney General (OAG) to file claims by September 30, 2025. In February 2025, Attorney General James secured $16.75 million for delivery workers after an OAG investigation found that DoorDash misled both consumers and delivery workers (known as Dashers) by using tips intended for Dashers to subsidize their guaranteed pay. Now, Attorney General James is urging all delivery workers who have received notice of the settlement from settlement administrator Atticus Administration to submit a claim online before the deadline. 

“New York's delivery workers are integral to our communities, working tirelessly to bring food and other essentials directly to our doorsteps in all conditions,” said Attorney General James. “I am proud to return millions to the pockets of hardworking Dashers and ensure transparency in DoorDash’s payment practices going forward. I urge any Dasher who received notice of the settlement to file a claim now to get their money back before the deadline on September 30, 2025. My office will always fight to ensure workers in New York receive the treatment, benefits, and wages they are due.” 

Earlier this year, Attorney General James secured $16.75 million from DoorDash in a landmark settlement, which also required the company to revise its payment practices, enhance transparency for both customers and Dashers, and improve order history access for Dashers. Those who delivered for DoorDash in New York between May 2017 and September 2019 and had tips applied to their guaranteed pay are eligible to receive money from the settlement fund, which is being entirely distributed to current and former Dashers. Any delivery worker who received notice from Atticus Administration but has yet to file a claim is encouraged to file a claim online as soon as possible.  

The OAG investigation revealed that between May 2017 and September 2019, DoorDash used a guaranteed pay model that let Dashers see how much they would be paid before accepting a delivery. Under this model, rather than the customer’s tip being given to Dashers on top of their guaranteed pay, the customer’s tip was used to subsidize the guaranteed pay that the Dashers had already been offered.  

In its investigation, OAG found that customers were misled into believing their tips would directly benefit Dashers. Instead, DoorDash would keep the tips meant for Dashers and take them out of their guaranteed pay. DoorDash would guarantee pay to a Dasher, and then only actually pay them whatever the tip did not cover. DoorDash also failed to clearly disclose these practices to customers and Dashers. At checkout, customers were encouraged to tip with a message reading “Dashers will always receive 100 percent of the tip.” Disclosures about the use of tips were buried in online documents and inaccessible during critical moments in the ordering process. Customers had no way of knowing that DoorDash was using tips to reduce its own costs.

Approximately 63,000 delivery workers who delivered food for DoorDash in New York between May 2017 and September 2019 are eligible to receive funds from this settlement. Eligible Dashers have received notice of the settlement via mail, email, and/or text, including information on how to file a claim. 

Anyone experiencing an issue filing a claim should contact Atticus Administration directly. Dashers with questions about the settlement can contact 1-800-270-1039 or info@NYDoorDashSettlement.com. More information can be found on OAG’s website.

Three Law Enforcement Personnel Injured After Horrific Shooting in McAllen, Texas

 

Shooter was neutralized by brave law enforcement officers

Yesterday morning, a gunman, preliminarily identified as Ryan Louis Mosqued, opened fire at the entrance of the United States Border Patrol (USBP) sector annex in McAllen, Texas.

The suspect was neutralized by law enforcement who acted heroically to stop the shooter before there was any loss of life; however, three were injured. A McAllen police officer was shot in the leg. Both a Border Patrol officer and a Border Patrol employee also sustained injuries. All three were taken to the hospital in non-critical condition. This incident is being investigated by CBP’s Office of Professional Responsibility in coordination with the FBI.

Entrance of the United States Border Patrol (USBP) sector annex in McAllen, Texas.

This attack comes as federal law enforcement is facing a staggering surge in assaults and politicians continue to vilify and attack law enforcement. Just yesterday, Axios published a post quoting a Democratic lawmaker saying: “Our own base is telling us that what we're doing is not good enough ... [that] there needs to be blood to grab the attention of the press and the public.”

“Yesterday’s heinous and unprovoked attack in McAllen could have been a bloodbath if not for the fearless actions of Border Patrol and McAllen law enforcement,” said DHS Assistant Secretary Tricia McLaughlin. “This vile assault on our officers is a disgusting escalation fueled by toxic rhetoric vilifying those who protect our borders. This must end now, and those stoking this violence will face consequences.”

Governor Hochul Announces $3 Million Awarded to Integrate Electric Vehicles Into the Grid

$4 Million is Also Now Available for Technologies to Manage Electric Vehicle Charging in New York State

Solutions Enhance Electric Grid Flexibility and Lower Costs for Consumers

Governor Kathy Hochul today announced $3 million has been awarded to three projects to advance technologies that can help integrate electric vehicles efficiently into the electric grid. The Governor has also made available $4 million to advance technologies that overcome data collection, transmission and operational challenges faced by utilities to manage electric vehicle (EV) charging. Together, these solutions will help to enhance grid flexibility, shift charging to accommodate energy demand, and lower charging costs for consumers.

“New York is leading the way in building a smarter, more sustainable energy future,” Governor Hochul said. “By investing in innovative technologies that support EV charging and integration with the grid, we are strengthening our clean energy infrastructure to meet the demands of tomorrow. We are also improving grid resiliency while making it easier and more affordable for New Yorkers to drive electric.”

The $3 million has been awarded to three projects through the Vehicle Grid Integration Program, administered by the New York State Energy Research and Development Authority (NYSERDA), which provides funding for projects that are scalable and advance electric vehicle charging infrastructure through product development, technology demonstrations, or new business models. Technologies include bi-directional charging, energy storage, on-site energy generation, and EV managed charging.

The awarded projects include:

  • Charging Platform Lamppost Conduit Interconnection: Voltpost was awarded $775,000 to develop lamppost EV charging in the New York City area, Capital Region, and Hudson Valley focusing on UL certification, retrofits, and plans to deploy at least ten additional Level 2 charging stations in New York State.
  • Demonstrating Statewide Implementations of Flexible Interconnections for Fleets: The Mobility House was awarded $867,000 to show how utility distribution capacity can be maximized with flexible interconnections to support electric school bus charging at a depot in Staten Island and a second location yet to be determined in New York State to pilot a method for fast charger deployment that decouples charger construction from electric grid development timelines.
  • Distribution-Optimized EV Managed Charging to Enhance Grid Flexibility: Weave Grid, Inc. was awarded nearly $1 million to control when EV managed charging will occur in the Orange and Rockland Utilities service area by using software and topology data to coordinate schedules and balance the energy load.

Managed EV Funding
Also announced today is $4 million in new funding for a competitive solicitation offered through NYSERDA’s Electric Vehicle Managed Charging program. Proposals are sought from researchers, developers and consultants, who individually or as a team, will develop or demonstrate technologies that can solve the data collection, data transmission and operational challenges faced by utilities when integrating electric vehicles, regardless of supplier, with the electric grid. Proposals must include behind-the-meter EV integrated solutions including the transfer of bi-directional data and utility control over charging, or both to study how these solutions can alleviate demand on the electric grid.

The focus of this solicitation was identified by NYSERDA working with Avangrid, parent company of Rochester Gas & Electric (RG&E) and New York State Electric & Gas (NYSEG), to provide data that will help inform future utility rate and program planning for EV managed charging.

Proposals are due on September 16, 2025, by 3:00 p.m. ET. For more information on this funding opportunity please visit NYSERDA’s website.

For more than fifty years, NYSERDA has been a trusted and objective resource for New Yorkers, taking on the critical role of energy planning and policy analysis, along with making investments that drive New York toward a more sustainable future. Today’s announcement builds on the success of NYSERDA’s Grid Modernization program, which since 2016 has awarded approximately $65 million to over 110 grid technology companies and research organizations for projects that improve low-cost high-accuracy grid sensors, modeling and simulation tools, and advanced engineering solutions. New York State’s investments in research, development, and commercialization support innovators accelerating the clean energy transition. NYSERDA’s Innovation and Research program is deploying approximately $1.2 billion over 15 years as direct research investments and commercialization support. To date, more than $800 million in investments have supported more than 700 companies and made nearly 300 products commercially available to individuals, businesses, and utilities.

In addition, New York State is investing nearly $3 billion in electrifying its transportation sector and rapidly advancing measures that all new passenger cars and trucks sold, are zero emissions, along with all school buses being zero emissions the same year. There are a range of initiatives to grow access to EVs and improve clean transit for all New Yorkers including the Drive Clean Rebate, EV Make Ready, EVolve NY, the New York Truck Voucher Incentive Program (NYTVIP), the New York School Bus Incentive Program, and the Direct Current Fast Charger Program.

Funding for this initiative is through the Clean Energy Fund (CEF).

New York State's Climate Agenda

New York State's climate agenda calls for an affordable and just transition to a clean energy economy that creates family-sustaining jobs, promotes economic growth through green investments, and directs a minimum of 35 percent of the benefits to disadvantaged communities. New York is advancing a suite of efforts to achieve an emissions-free economy by 2050, including in the energy, buildings, transportation, and waste sectors. 

Justice Department Announces Arrest of Prolific Chinese State-Sponsored Contract Hacker

 

China’s Ministry of State Security Directed the Theft of COVID-19 Research and the Exploitation of Microsoft Exchange Server Vulnerabilities, Known Publicly as the Indiscriminate ‘HAFNIUM’ Intrusion Campaign

The Justice Department announced today that Xu Zewei (徐泽伟), 33, of the People’s Republic of China was arrested on July 3 in Italy at the request of the United States. Xu and his co-defendant, PRC national Zhang Yu (张宇), 44, are charged in a nine-count indictment, unsealed today in the Southern District of Texas, for their involvement in computer intrusions between February 2020 and June 2021, including the indiscriminate HAFNIUM computer intrusion campaign that compromised thousands of computers worldwide, including in the United States. Xu was arrested in Milan, Italy, and will face extradition proceedings.

According to court documents, officers of the PRC’s Ministry of State Security’s (MSS) Shanghai State Security Bureau (SSSB) directed Xu to conduct this hacking. The MSS and SSSB are PRC intelligence services responsible for PRC’s domestic counterintelligence, non-military foreign intelligence, and aspects of the PRC’s political and domestic security. When conducting the computer intrusions, Xu worked for a company named Shanghai Powerock Network Co. Ltd. (Powerock). Powerock was one of many “enabling” companies in the PRC that conducted hacking for the PRC government.

“This arrest underscores the United States’ patient and tireless commitment to pursuing hackers who seek to steal information belonging to U.S. companies and universities,” said John A. Eisenberg, Assistant Attorney General for the National Security Division. “The Justice Department will find you and hold you accountable for threatening our cybersecurity and harming our people and institutions.”

“The indictment alleges that Xu was hacking and stealing crucial COVID-19 research at the behest of the Chinese government while that same government was simultaneously withholding information about the virus and its origins,” said Nicholas Ganjei, U.S. Attorney for the Southern District of Texas. “The Southern District of Texas has been waiting years to bring Xu to justice and that day is nearly at hand. As this case shows, even if it takes years, we will track hackers down and make them answer for their crimes. The United States does not forget.”

“In February 2020, as the world entered a pandemic, Xu Zewei and other cyber actors working on behalf of the Chinese Communist Party (CCP) targeted American universities to steal groundbreaking COVID-19 research. The following year, these same actors, operating as a group publicly known as HAFNIUM, exploited zero-day vulnerabilities in U.S. systems to steal additional research,” said Assistant Director Brett Leatherman of FBI’s Cyber Division. “Through HAFNIUM, the CCP targeted over 60,000 U.S. entities, successfully victimizing more than 12,700 in order to steal sensitive information. This arrest, carried out with our Italian law enforcement partners, demonstrates the FBI’s relentless commitment to holding CCP-sponsored hackers accountable for their crimes.” 

According to court documents, in early 2020, Xu and his co-conspirators hacked and otherwise targeted U.S.-based universities, immunologists, and virologists conducting research into COVID‑19 vaccines, treatment, and testing. Xu and others reported their activities to officers in the SSSB who were supervising and directing the hacking activities. For example, on or about Feb. 19, 2020, Xu provided an SSSB officer with confirmation that he had compromised the network of a research university located in the Southern District of Texas. On or about Feb. 22, 2020, the SSSB officer directed Xu to target and access specific email accounts (mailboxes) belonging to virologists and immunologists engaged in COVID-19 research for the university. Xu later confirmed for the SSSB officer that he acquired the contents of the researchers’ mailboxes.

Beginning in late 2020, Xu and his co-conspirators exploited certain vulnerabilities in Microsoft Exchange Server, a widely used Microsoft product for sending, receiving, and storing email messages. Their exploitation of Microsoft Exchange Server was at the forefront of a massive campaign targeting thousands of computers worldwide and known publicly as “HAFNIUM.” In March 2021, Microsoft publicly disclosed the intrusion campaign by state-sponsored hackers operating out of China. Throughout March 2021, Microsoft and other industry partners released detection tools, patches, and other information to assist victim entities in identifying and mitigating this cyber incident. Additionally, the FBI and the Cybersecurity and Infrastructure Security Agency released a Joint Advisory on Compromise of Microsoft Exchange Server on March 10, 2021. However, by the end of March 2021, hundreds of web shells remained on certain U.S.-based computers running Microsoft Exchange Server software. In April 2021, the Justice Department announced a court-authorized operation to remediate hundreds of computers in the United States made vulnerable by HAFNIUM actors. In July 2021, the United States and foreign partners attributed the HAFNIUM campaign to the PRC’s MSS.

Among the victims of Xu’s exploitation of Microsoft Exchange Server were another university located in the Southern District of Texas and a law firm with offices worldwide, including in Washington, D.C. After exploiting computers running Microsoft Exchange Server, Xu and his co-conspirators installed web shells on them to enable their remote administration. These web shells were specific to HAFNIUM actors at the time. As with the earlier COVID-19 research intrusions, Xu and Zhang worked together on the HAFNIUM intrusions, under the supervision and direction of SSSB officers. For example, on or about Jan. 30, 2021, Xu confirmed to Zhang that he had compromised the other university’s network. Later, on or about Feb. 28, 2021, Xu updated an SSSB officer on his successful intrusions. This SSSB officer then directed Xu to obtain a list of other, successful intrusions from a second SSSB officer. Unauthorized access to the law firm’s network allowed Xu and his co-conspirators to steal information from mailboxes and search them for information regarding specific U.S. policy makers and government agencies. Their search terms included “Chinese sources,” “MSS,” and “HongKong.”

The announcement of charges against Xu is the latest describing the PRC’s use of an extensive network of private companies and contractors in China to hack and steal information in a manner that obscured the PRC government’s involvement. Operating from their safe haven and motivated by profit, this network of private companies and contractors in China cast a wide net to identify vulnerable computers, exploit those computers, and then identify information that it could sell directly or indirectly to the PRC government. This largely indiscriminate approach results in more victims in the United States and elsewhere, more systems worldwide left vulnerable to future exploitation by third parties, and more stolen information, often of no interest to the PRC government and, therefore, sold to other third parties.

Xu is charged with conspiracy to commit wire fraud and two counts of wire fraud, which carries a maximum penalty of 20 years in prison for each count; conspiracy to cause damage to and obtain information by unauthorized access to protected computers, to commit wire fraud, and to commit identity theft, which carries a maximum penalty of five years in prison; two counts of obtaining information by unauthorized access to protected computers, which carries a maximum penalty of five years in prison; two counts of intentional damage to a protected computer, which carries a maximum penalty of 10 years in prison; and aggravated identity theft, which carries a maximum penalty of two years in prison. Zhang Yu remains at large. Anyone with information about his whereabouts is asked to contact the FBI at 1-800-CALL-FBI (1-800-225-5324).

The FBI’s Houston Field Office is investigating the case. The Justice Department’s Office of International Affairs provided valuable assistance in securing the defendant’s arrest.

Assistant U.S. Attorneys Mark McIntyre and John Marck for the Southern District of Texas and Deputy Chief Matthew Anzaldi of the National Security Division’s National Security Cyber Section are prosecuting the case. The Justice Department’s Office of International Affairs is handling the extradition.

An indictment is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.