The Department of Justice is posting this court document as a courtesy to the public. An official copy of this court document can be obtained (irrespective of any markings that may indicate that the document was filed under seal or otherwise marked as not available for public dissemination) on the Public Access to Court Electronic Records website at https://pacer.uscourts.gov. In some cases, the Department may have edited the document to redact personally identifiable information (PII) such as addresses, phone numbers, bank account numbers, or similar information, and to make the document accessible under Section 508 of the Rehabilitation Act of 1973, which requires federal agencies to make electronic information accessible to people with disabilities.
司法部作为对公众的友好服务，正在发布此法院文件。此法院文件的官方副本可在 https://pacer.uscourts.gov 的公共访问法院电子记录网站上获取（无论是否有标记表明该文件已封存或标记为不可公开传播）。在某些情况下，司法部可能已编辑该文件，以删除个人身份信息（PII），如地址、电话号码、银行账户号码或类似信息，并使其符合 1973 年《康复法案》第 508 条的要求，该法案要求联邦机构使电子信息对残疾人士可访问。

v．

XU ZEWEI（徐泽伟），and
ZHANG YU（张宇），

Defendants．  被告人。

Criminal No．4：23－cr－00523
刑事案号：23－cr－00523

THE UNITED STATES GRAND JURY CHARGES：
美国大陪审团指控：

At all times relevant to this Indictment：
在与本起诉书相关的任何时候：
1．The Shanghai State Security Bureau（＂SSSB＂）was a foreign intelligence arm of the People＇s Republic of China＇s（＂PRC＂）Ministry of State Security（＂MSS＂），headquartered in Shanghai，China．The MSS and the SSSB had responsibility for the PRC＇s domestic counter－ intelligence，non－military foreign intelligence，and aspects of the PRC＇s political and domestic security．
1.上海国家安全局（“SSSB”）是中华人民共和国（“PRC”）国家安全部（“MSS”）的外国情报部门，总部位于中国上海。

2．From February 2020 to June 2021，SSSB officers，along with employees of Shanghai technology companies working at the direction of the SSSB，conspired to steal information through unauthorized access（＂hacking＂）into computers in the United States and elsewhere，including by exploiting vulnerabilities in a certain Microsoft product as part of a mass intrusion campaign known publicly as＂HAFNIUM．＂SSSB OFFICER 1 （＂OFFICER 1＂）and SSSB OFFICER 2 （＂OFFICER 2＂）directed defendants XU ZEWEI and ZHANG YU，together with their co－conspirators，to hack into or facilitate intrusions of university and business computers
2．2020 年 2 月至 2021 年 6 月期间，SSSB 官员与受 SSSB 指使工作的上海科技公司员工合谋，通过未经授权访问（“黑客攻击”）美国及其他地区的计算机来窃取信息，包括利用某款微软产品的漏洞，作为一项公开被称为“HAFNIUM”的大规模入侵活动的一部分。SSSB 官员 1（“官员 1”）和 SSSB 官员 2（“官员 2”）指示被告徐泽伟和张宇，连同他们的同谋，对大学和企业计算机进行黑客攻击或协助入侵
located in the United States and elsewhere for the purpose of gaining and maintaining unauthorized access to those computers and stealing information. XU and ZHANG, together with their coconspirators, including but not limited to OFFICER 1 and OFFICER 2, are collectively referred to in this Indictment as the “conspirators.”
位于美国及其他地区，旨在获取并维持对那些计算机的未经授权的访问权限，并窃取信息。徐和张，连同他们的同谋者，包括但不限于官员 1 和官员 2，在本起诉书中统称为“同谋者”。
3. Beginning in early 2020, the conspirators targeted, among others, U.S.-based universities and leading immunologists and virologists conducting ground-breaking research into COVID-19 vaccines, treatments, and testing. Beginning in late 2020, the conspirators exploited certain vulnerabilities in Microsoft Exchange Server, a widely-used Microsoft product for sending, receiving, and storing email messages, to target a law firm and others with insight into the United States’ government policies and policymakers. Months later, in a March 2, 2021 report, Microsoft publicly disclosed an intrusion campaign by state-sponsored hackers operating out of China, a group Microsoft named “HAFNIUM,” which exploited these same vulnerabilities in Microsoft Exchange Server. The conspirators thus were at the forefront of the PRC’s “HAFNIUM” intrusion campaign, which the United States government, the European Union, the United Kingdom, and the North Atlantic Treaty Organization, and private sector cybersecurity leaders later condemned as an “indiscriminate,” “reckless,” “irresponsible,” and “destabilizing” hack of thousands of computers worldwide.
3. 自 2020 年初起，共犯者将目标对准了美国大学以及从事新冠疫苗、治疗方法和检测研究的前沿免疫学家和病毒学家等。自 2020 年底起，共犯者利用微软 Exchange Server 的某些漏洞——这是一款广泛用于发送、接收和存储电子邮件信息的微软产品——针对一家律师事务所及其他了解美国政府政策和决策者的机构。数月后，在 2021 年 3 月 2 日的报告中，微软公开披露了一项由来自中国的国家支持黑客发起的入侵活动，微软将这一团伙命名为“HAFNIUM”，该团伙也利用了微软 Exchange Server 的相同漏洞。因此，共犯者成为了中国“HAFNIUM”入侵活动的前沿，这一活动后来被美国政府、欧盟、英国、北大西洋公约组织以及私营部门网络安全领导者谴责为对全球数千台计算机的“无差别”、“鲁莽”、“不负责任”和“破坏稳定”的黑客攻击。
4. The conspirators included, but were not limited to:
4. 共谋者包括但不限于：
a. XU ZEWEI, a general manager at Shanghai Powerock Network Co. Ltd. (“Powerock”), who operated at the direction of the SSSB. XU was a resident and citizen of the PRC. Among other things, XU worked on taskings from the SSSB, supervised hacking activity of other Powerock personnel in support of
a. XU ZEWEI，上海 Powerock 网络有限公司（“Powerock”）的总经理，在 SSSB 的指示下行动。XU 是中华人民共和国的居民和公民。除其他事项外，XU 处理来自 SSSB 的任务，监督其他 Powerock 员工的黑客活动以支持