Chinese authorities have accused the U.S. National Security Agency (NSA) of orchestrating a series of cyberattacks targeting the 2025 Asian Winter Games in Harbin and related critical infrastructure across Heilongjiang Province. In an unprecedented move, local police issued a public bounty for three alleged NSA operatives.
Why it Matters
This is not the first time China has made such accusations — in February 2025, it blamed the NSA’s TAO unit and CIA for cyberattacks on Northwestern Polytechnical University, a major research hub linked to China’s aerospace and military sectors.
The rare move to publicly name individual U.S. intelligence officers signals a sharp escalation in cyber conflict, adding fuel to already strained U.S.-China relations amid Trump’s tariffs, rising tensions over Taiwan, and the tech sanctions. Beijing’s growing willingness to disclose technical evidence and operational details suggests a shift toward aggressive “naming and shaming” — a tactic more commonly employed by Western nations in recent years.
How the Attack Unfolded
As per China daily, Chinese cybersecurity team found that cyberattack on Asian Winter Games was carried out by the NSA’s Office of Tailored Access Operations (TAO), a covert unit specializing in cyberattacks. To cover their tracks, the NSA used proxy agencies to purchase IP addresses from multiple countries and rented servers in Europe and Asia to hide the true source of the attack.
In the lead-up to the Asian Winter Games, the NSA targeted key information systems, including:
- Athlete registration systems
- Travel and arrival management systems
- Event registration systems
These systems stored sensitive personal data of athletes, which the NSA reportedly aimed to steal.The attacks intensified after the opening ice hockey match on February 3, with NSA’s focus shifting to:
- Event information systems (including APIs)
- Logistics systems crucial for managing the event
The goal appeared to be disrupting the games and interfering with live event operations.
Parallel to the attacks on the Games, the NSA also targeted critical infrastructure in Heilongjiang Province, including:
- Energy
- Transportation
- Water systems
- Telecommunications
Who’s being blamed
Chinese police named three NSA agents as key perpetrators:
- Katheryn A. Wilson
- Robert J. Snelling
- Stephen W. Johnson
They are alleged to be operatives within the NSA’s Office of Tailored Access Operations (TAO) — a unit under the agency’s Signals Intelligence Directorate (S3), known for conducting offensive cyber-operations.
Chinese authorities also claimed that University of California and Virginia Tech were also participated in this operations.
Our Take
Last year, during the Biden administration, a cyberattack was reportedly ordered on a suspected Iranian spy ship for aiding Houthis. Based on available information, we can assess that such an operation could have occurred. There are several possibilities to considered
- It could have been a false flag operation by China to divert attention from ongoing news cycles, particularly the tariff disputes from the Trump administration.
- Given the presence of China hawks within the Trump administration, it’s also possible that the attack was ordered by the Trump administration itself, or even by officials before Trump took office, as the timing suggests the attack occurred just a week after his inauguration. This could imply early operations by the Biden administration, though it’s still unclear.
- Another possibility is that the attack was poorly executed, and the administration knew it was coming. If that’s the case, it might explain why the NSA director and deputy were fired last week — they may have been held accountable for the failure.
Follow us on X and Linkedin for the latest cybersecurity news
Source:hxxps[://]cn[.]chinadaily[.]com[.]cn/a/202504/15/WS67fdb569a310e29a7c4a914a.html
