
China points to NSA as responsible for sophisticated cyberattacks during Winter Games

A serious accusation from the Harbin police in Heilongjiang province has placed the United States National Security Agency (NSA) at the center of an international scandal. On Tuesday, April 15, 2025, Chinese authorities claimed that the NSA conducted “advanced” cyberattacks against critical sectors of the country, including energy, transportation, communications, and defense, during the Asian Winter Games held in February. The operation, according to police, targeted essential infrastructure, such as event registration systems and strategic companies, including tech giant Huawei. The accusation details the involvement of three alleged NSA agents, identified as Katheryn A. Wilson, Robert J. Snelling, and Stephen W. Johnson, and also points to the participation of U.S. academic institutions, such as the University of California and Virginia Tech. China has escalated its rhetoric against the United States, demanding a responsible stance on cybersecurity and condemning what it described as “unprovoked attacks.”

The accusations come at a time of growing tension between the world’s two largest economies, marked by a trade war that has already led to restrictions on imports of American films and travel warnings for Chinese tourists visiting the U.S. The Harbin police stated that the attacks, carried out during the sporting event, aimed to destabilize the country’s infrastructure, cause social disorder, and steal sensitive information, including personal data of participating athletes. China’s Foreign Ministry confirmed the allegations and stated that it has raised concerns with U.S. authorities, requesting clarification. The U.S. Embassy in Beijing, however, has not responded to requests for comment so far.

The severity of the accusations reflects the increasing disputes in the field of cybersecurity, with both countries exchanging allegations of espionage and cyberattacks. China, which has faced accusations from Western governments for years over alleged hacking operations, is now turning the tables, pointing to the U.S. as responsible for actions that compromise global security. The case also highlights the growing importance of protecting critical infrastructure in an increasingly digital-dependent world.

Details of the accusations against the NSA

The Harbin police revealed that the cyberattacks began on February 3, coinciding with the opening of the Asian Winter Games, and peaked during the first ice hockey match. According to authorities, the NSA used sophisticated techniques, including activating pre-installed backdoors in Microsoft Windows operating systems, to access strategic devices in Heilongjiang. These backdoors, described as secret entry points in the software, allegedly allowed infiltration into sensitive systems, such as those used to manage event participant registration.

Furthermore, the NSA reportedly acquired IP addresses in various countries and rented anonymous servers in Europe and Asia to mask its operations. This strategy, according to the state news agency Xinhua, was designed to hinder the tracking of cyber activities. The attacks, as per the accusation, primarily aimed to steal sensitive data, including personal information of athletes and organizers, and to disrupt the operation of critical sectors like energy and transportation.

The accusations also mention Huawei as one of the primary targets. The company, which faces restrictions in the U.S. due to national security concerns, reportedly suffered attempts to steal strategic data. Huawei’s inclusion in the list of targets reinforces China’s narrative that the attacks are part of a U.S. campaign to curb the country’s technological advancement.

  • Main targets: Energy, transportation, communications, defense infrastructure, and Huawei.
  • Attack period: During the Asian Winter Games, peaking on February 3.
  • Techniques used: Backdoors in Windows systems and anonymous servers.
  • Alleged objective: Destabilize China and steal confidential data.

Involvement of agents and U.S. institutions

Harbin authorities identified three individuals allegedly linked to the NSA: Katheryn A. Wilson, Robert J. Snelling, and Stephen W. Johnson. These names were added to a wanted list, a symbolic measure signaling China’s intent to publicly expose those responsible. According to Xinhua, the three agents conducted repeated attacks on critical infrastructure and Chinese companies, with Huawei being a prominent target. No details were provided on how the names were identified or the specific role of each agent in the operations.

In addition to the individuals, the accusation points to the involvement of two U.S. universities: the University of California and Virginia Tech. The lack of specific information about their participation raises questions, but their inclusion in the narrative suggests an attempt to broaden the scope of the accusations, implicating even the U.S. academic sector. The absence of detailed clarifications may be a strategy to pressure the U.S. without revealing all available evidence.

The mention of academic institutions is not unprecedented in cybersecurity disputes. In recent years, both China and the U.S. have accused universities of serving as research hubs for cyber operations. In China’s case, collaboration programs between universities and the government are often linked to intelligence activities, while the U.S. claims its institutions are targets of Chinese espionage.

Context of the trade war and bilateral tensions

The accusations come at a delicate moment for Sino-American relations. The trade war, intensified in recent years, has already resulted in sanctions against Chinese companies like Huawei and restrictions on advanced technology exports. In retaliation, China has imposed barriers on American cultural products, such as films, and issued travel warnings for its citizens planning to visit the U.S. This climate of mutual hostility creates a fertile ground for cyberattack accusations, which serve both as a diplomatic pressure tool and a justification for protectionist measures.

Cybersecurity has become one of the main battlegrounds between the two nations. The U.S. regularly accuses Chinese state-backed hackers of targeting critical infrastructure, such as the Department of Defense and the Department of Commerce, as well as the foreign ministries of allied countries like Taiwan and South Korea. In March 2025, Washington announced indictments against a group of Chinese hackers, escalating tensions. China, in turn, denies involvement in cyber espionage and now adopts a more assertive stance, accusing the U.S. of similar practices.

The exchange of accusations reflects the difficulty of establishing global cybersecurity norms. Unlike traditional conflicts, cyberattacks are hard to attribute with certainty, allowing both sides to use allegations as a political tool. The inclusion of specific details, such as the agents’ names and universities, may be an attempt by China to lend credibility to its claims, but it also risks further escalating the conflict.

History of mutual accusations

In recent years, China has intensified its accusations against the U.S. in the cybersecurity field. In December 2024, Chinese authorities claimed to have neutralized two U.S. cyberattacks on tech companies aimed at stealing trade secrets. Although the NSA was not directly mentioned at the time, the accusations reinforce the narrative that the U.S. conducts cyber operations against Chinese targets. These incidents, combined with the disruption of infrastructure during the Winter Games, form a pattern that Beijing uses to justify its criticisms.

Conversely, the U.S. has a long history of accusing China. Since the early 2010s, Washington has denounced Chinese hackers’ operations against American companies, such as Google and Microsoft, as well as government agencies. In 2020, the FBI accused Chinese hackers of attempting to steal Covid-19 vaccine research data. More recently, in 2024, the U.S. Department of Justice indicted seven Chinese hackers for attacks on critical infrastructure, including energy and transportation systems.

This cycle of accusations has created a climate of mistrust that hinders cooperation on cybersecurity issues. Both countries heavily invest in cyber capabilities, both offensive and defensive, while trying to shape global public opinion in their favor. The Harbin accusation, with specific details about the attacks, is an example of how China seeks to gain ground in this debate.

  • Recent Chinese accusations: Neutralization of two U.S. attacks in 2024 targeting trade secrets.
  • U.S. accusations: Indictments against Chinese hackers in 2024 and 2025 for attacks on critical infrastructure.
  • Frequent targets: Tech companies, government agencies, and international events.
  • Global impact: Escalation of tensions and challenges for cybersecurity norms.

Impact of the attacks on the Winter Games

The Asian Winter Games, held in Heilongjiang, were a high-profile event, attracting athletes, officials, and tourists from various countries. The choice of this period for the alleged NSA attacks suggests an intent to maximize impact, disrupting the event’s organization and exposing vulnerabilities in Chinese infrastructure. According to Xinhua, the attacks targeted registration systems, which stored sensitive information about participants, including identities and personal data.

Disrupting critical systems during an international event can have serious consequences, from logistical failures to damage to the host country’s reputation. Although there are no reports of specific incidents, such as competition cancellations, the accusation indicates that the attacks caused operational disruptions. The Harbin police highlighted that energy and transportation systems, essential for the event’s operation, were also targeted, which could have led to delays or mobility issues.

China heavily invested in the security of the Winter Games, both physical and cyber, due to their symbolic importance. The accusation of NSA attacks reinforces the perception that international events are strategic targets in cyber wars, a trend observed in other contexts, such as the 2018 Olympics in South Korea, which suffered attacks attributed to Russia.

China’s response and diplomatic pressure

China’s Foreign Ministry adopted a firm tone when addressing the accusations, demanding that the U.S. take a responsible stance on cybersecurity. Spokesperson Lin Jian criticized what he called “unprovoked attacks” and called for an end to “slanders” against China. This rhetoric reflects Beijing’s strategy of using the accusations as a tool to pressure Washington, especially in a context of commercial and geopolitical tensions.

Adding the alleged NSA agents to a wanted list is an unusual measure, likely more symbolic than practical. China has no jurisdiction to arrest individuals in the U.S., but publicizing the names serves to embarrass the U.S. government and reinforce the narrative that the U.S. is responsible for illicit cyber activities. Mentioning the universities also amplifies the accusation’s impact, suggesting that even academic institutions are involved in intelligence operations.

China’s diplomatic pressure comes at a time when both countries are seeking allies in the cybersecurity debate. Asian countries, such as South Korea and India, which have also been targets of alleged Chinese hackers, may be influenced by the Harbin accusations, complicating regional alliances. China may also use the case to justify data protection measures, such as the 2021 Data Security Law, which imposes restrictions on foreign companies operating in the country.

Vulnerabilities in critical infrastructure

The Harbin accusation exposes the fragility of critical infrastructure in a hyperconnected world. Sectors like energy, transportation, and communications rely on digital systems that, if compromised, can cause large-scale disruptions. China, which has invested billions in modernizing its infrastructure, faces the challenge of protecting it from external threats, especially during high-profile events like the Winter Games.

The backdoors mentioned in the accusation, allegedly present in Windows systems, highlight the complexity of securing widely used software. Microsoft, though not commenting directly on the case, has faced criticism in the past for vulnerabilities in its systems, such as the 2020 SolarWinds attack attributed to Russia. The possibility of pre-installed backdoors raises concerns about the reliability of foreign technologies, an argument China uses to promote its domestic software industry.

Protecting critical infrastructure requires international cooperation, but tensions between China and the U.S. hinder this effort. Both countries maintain robust cybersecurity programs, but the lack of trust prevents the creation of global agreements. The Harbin accusation may intensify the debate about the need for norms to prevent cyberattacks but also reinforces the fragmentation of the digital space.

  • Vulnerable sectors: Energy, transportation, communications, and defense.
  • Attack techniques: Backdoors in software and anonymous servers.
  • Global challenges: Protecting critical infrastructure during international events.
  • Potential impact: Logistical disruptions and reputational damage.

Timeline of events

The cyberattacks reported by China followed a sequence that coincided with the Asian Winter Games. Below is a timeline of the key moments:

  • February 3, 2025: Attacks begin, peaking during the first ice hockey match.
  • February 3-15: NSA operations target registration systems and critical infrastructure.
  • March 2025: Harbin police conclude investigations, identifying agents and institutions involved.
  • April 15, 2025: China publicly announces the accusations, adding three NSA agents to the wanted list.
  • April 15, afternoon: China’s Foreign Ministry confirms the allegations and demands explanations from the U.S.

Implications for Huawei and the tech sector

Huawei, cited as one of the attack targets, is at the heart of the technological dispute between China and the U.S. The company, a global leader in telecommunications equipment, has faced U.S. sanctions since 2019, limiting its access to technologies and Western markets. The accusation of cyberattacks reinforces China’s narrative that the U.S. seeks to sabotage the country’s technological progress through means beyond trade restrictions.

The attacks on Huawei, according to Xinhua, aimed to steal strategic data, possibly related to 5G technologies and artificial intelligence. The company, which invests billions in research and development, is seen as a threat to U.S. technological supremacy, explaining its inclusion in the list of targets. The accusation may serve as a justification for China to accelerate policies of technological self-sufficiency, reducing dependence on foreign software and hardware.

China’s tech sector, including giants like Tencent and Alibaba, may also be affected by the case. The possibility of cyberattacks on strategic companies underscores the need for investments in cybersecurity and stricter regulations. The Personal Information Protection Law, implemented in 2021, already imposes obligations on companies handling sensitive data, and the Harbin case may lead to even more restrictive measures.

International repercussions and future challenges

China’s accusations have sparked varied reactions globally. U.S. allies, such as Japan and Australia, which also accuse China of cyberattacks, may question the veracity of the claims, while neutral or Beijing-aligned nations, like Russia and Iran, may use the case to criticize Washington. The inclusion of U.S. universities in the accusation also raises concerns about the role of academic institutions in intelligence disputes, a sensitive topic in international forums.

Cybersecurity is one of the greatest challenges of the 21st century, with implications beyond the Sino-American rivalry. The increasing digitization of critical infrastructure, combined with the sophistication of hacking techniques, demands coordinated responses. However, the polarization between China and the U.S. hinders the creation of a global regulatory framework, leaving cyberspace as a battlefield without clear rules.

The Harbin case also highlights the importance of international events as strategic targets. The Winter Games, like the Olympics and other major events, are moments of global visibility, making them attractive for cyber operations. China, which plans to host other events in the coming years, must strengthen its digital security to prevent further incidents.

China’s measures to protect its infrastructure

Following the alleged attacks, China announced plans to bolster its cybersecurity. The Heilongjiang government, where the Winter Games were held, has already invested in advanced monitoring systems to detect intrusions in real time. Additionally, the country is expanding its domestic software industry, with companies like Huawei and Inspur developing alternatives to foreign systems like Windows.

The accusation may also accelerate the implementation of digital sovereignty policies. China already requires foreign companies to store Chinese citizens’ data on local servers, and the Harbin case may lead to further restrictions. These measures, while aimed at protecting national security, have drawn criticism from Western companies facing high costs to operate in the Chinese market.

Cooperation with allies, such as Russia and members of the Shanghai Cooperation Organization, is also a priority. These countries share concerns about U.S. influence in the digital space and have collaborated on initiatives to develop secure technologies. The Harbin case may strengthen these ties while widening the divide between global technological blocs.

  • Chinese initiatives: Expansion of monitoring systems and development of domestic software.
  • Data policies: Requirement for local storage and restrictions on foreign companies.
  • Regional cooperation: Partnerships with Russia and the Shanghai Cooperation Organization.
  • Main objective: Reduce dependence on foreign technologies.

The future of global cybersecurity

The Harbin case marks a milestone in the escalation of cyber tensions between China and the U.S. The accusations, with specific details about agents and techniques, reflect China’s willingness to confront the U.S. publicly, which may have lasting consequences. The inclusion of international events, such as the Winter Games, in the cyberattack narrative underscores the vulnerability of high-visibility moments, requiring heightened protection.

The rivalry in cybersecurity shows no signs of abating. Both countries continue to invest in offensive and defensive capabilities while trying to shape global norms in their favor. China, with its growing technological influence, seeks to establish itself as a cybersecurity leader, while the U.S. maintains its position as a dominant power in the digital space. This competition, though driven by national interests, has global implications, affecting everything from companies to ordinary citizens.

The Harbin accusation also reinforces the need for greater transparency in attributing cyberattacks. The lack of public evidence, combined with the complexity of tracking cyber operations, fuels conflicting narratives that hinder dispute resolution. As China and the U.S. exchange accusations, the risk of escalation remains, with potential impacts on critical sectors and global stability.
