{"id":2758,"date":"2025-04-15T12:42:32","date_gmt":"2025-04-15T12:42:32","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=2758"},"modified":"2025-04-15T12:42:32","modified_gmt":"2025-04-15T12:42:32","slug":"china-alleges-us-cyber-espionage-during-the-asian-winter-games-names-3-nsa-agents","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=2758","title":{"rendered":"China alleges US cyber espionage during the Asian Winter Games, names 3 NSA agents"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>China has accused the US of conducting more than 170,000 cyberattacks against the Asian Winter Games held in Harbin this February. Officials have named three alleged NSA operatives they claim spearheaded the digital assault.<\/p>\n<p>The Harbin Public Security Bureau identified Katheryn A. Wilson, Robert J. Snelling, and Stephen W. Johnson as NSA personnel responsible for the attacks, according to a report from China\u2019s state news agency Xinhua.<\/p>\n<p>\u201cInvestigations by Chinese technical teams revealed that the cyberattacks were carried out by the Office of Tailored Access Operations of the NSA,\u201d <a href=\"https:\/\/english.news.cn\/20250415\/59642d1d15dd427b852e844e8350af5f\/c.html\">the report added<\/a>. 
\u201cTo conceal the origins of its attacks and secure its cyber weapons, the office used multiple affiliated front organizations to purchase IP addresses from various countries and anonymously rented servers located in regions including Europe and Asia.\u201d<\/p>\n<p>The accusations follow a <a href=\"https:\/\/www.cverc.org.cn\/head\/zhaiyao\/Cyber_Threat_Report_of_The_9th_Asian_Winter_Games_Harbin_2025_EN.pdf\">report<\/a> from China\u2019s National Computer Virus Emergency Response Center (NCVERC) documenting what it called systematic US cyber operations against Chinese targets.<\/p>\n<p>According to NCVERC, \u201cthe United States frequently used cloud hosts located in the Netherlands, Germany and other European countries as a hop or puppet host\u201d to stage attacks, establishing what investigators claim is a pattern of behavior.<\/p>\n<h2 class=\"wp-block-heading\">Attacks on critical infrastructure<\/h2>\n<p>Chinese authorities claimed the initial wave of attacks focused on registration systems, arrival and departure management, and competition entry platforms containing sensitive personal data of game participants.<\/p>\n<p>The cyber assault reportedly intensified on February 3rd with the first ice hockey match, with attackers shifting focus to information platforms essential to event operations.<\/p>\n<p>\u201cThese systems were vital for ensuring the smooth running of the Games, and the NSA attempted to disrupt them to undermine their normal operations,\u201d the Xinhua report stated.<\/p>\n<p>The accusations extend beyond sports systems to include alleged attacks on regional critical infrastructure, including energy, transportation, water systems, telecommunications, and defense research facilities throughout Heilongjiang Province.<\/p>\n<p>Chinese technical teams reported detecting \u201cunknown encrypted data packets\u201d transmitted to specific devices running Microsoft Windows operating systems within the province. 
These packets were allegedly attempts to \u201cactivate or trigger pre-implanted backdoors in the Windows systems,\u201d according to Xinhua.<\/p>\n<h2 class=\"wp-block-heading\">A deliberate and coordinated campaign<\/h2>\n<p>The NCVERC report revealed that between January 26 and February 14, 2025, the Games\u2019 information systems were struck by 270,167 attacks from abroad, with activity peaking on February 8, the day after the event\u2019s formal opening. Of these, 170,864 attacks (63.24%) originated from US-based IP addresses.<\/p>\n<p>The cyber onslaught primarily targeted the event\u2019s Information Service System, Arrival and Departure Management System, and Charging Card System. Attack techniques included arbitrary file reads, SQL injection, and spoofed HTTP headers, as well as mass port scans and vulnerability exploitation, the report stated.<\/p>\n<p>Chinese authorities alleged in the NCVERC report that the perpetrators used cloud-based hosts from providers like DigitalOcean to obscure their origins, and that servers in Europe and Asia were leveraged to launch the attacks under the cloak of anonymity.<\/p>\n<h2 class=\"wp-block-heading\">Academic connection<\/h2>\n<p>The Xinhua report specifically mentioned Chinese telecommunications giant Huawei as a target, stating that investigations revealed \u201cthe three NSA operatives had repeatedly launched cyberattacks against China\u2019s critical information infrastructure and participated in cyber operations targeting companies such as Huawei.\u201d<\/p>\n<p>In an unusual twist, Chinese authorities also implicated US universities in the alleged campaign.<\/p>\n<p>\u201cTechnical teams also uncovered evidence implicating the University of California and Virginia Tech in the coordinated cyber campaign against the Asian Winter Games,\u201d according to Xinhua.<\/p>\n<p>NCVERC\u2019s report claimed its attribution analysis linked the attacks to the US government based on TTPs 
(tactics, techniques, and procedures), timeline, timezone, language patterns, and other behavioral characteristics.<\/p>\n<p>\u201cDuring the hosting of large-scale international sports events in China, foreign hostile forces spare no effort to destroy and interfere with the normal operation of the sports events through cyberattacks, and even try to create chaos and steal sensitive information,\u201d the report added.<\/p>\n<p>Officials added they would submit \u201cdetails and artifacts of these attacks\u201d to public security authorities for further investigation.<\/p>\n<h2 class=\"wp-block-heading\">Ongoing cyber tensions<\/h2>\n<p>The accusations represent the latest development in the long-running digital conflict between China and the United States, where both nations routinely accuse each other of cyber espionage.<\/p>\n<p>US intelligence agencies consistently attribute major breaches to Chinese state-backed hackers, like <a href=\"https:\/\/www.csoonline.com\/article\/2514843\/chinas-apt40-group-can-exploit-vulnerabilities-within-hours-of-public-release.html\">APT40<\/a> and <a href=\"https:\/\/www.csoonline.com\/article\/3604173\/volt-typhoon-returns-with-fresh-botnet-attacks-on-critical-us-infrastructure.html\">Volt Typhoon<\/a>, responsible for campaigns against Western government, telecom, and tech sectors. The NSA, the University of California and Virginia Tech have not responded to queries on these accusations.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>China has accused the US of conducting more than 170,000 cyberattacks against the Asian Winter Games held in Harbin this February. Officials have named three alleged NSA operatives they claim spearheaded the digital assault. The Harbin Public Security Bureau identified Katheryn A. Wilson, Robert J. Snelling, and Stephen W. 
Johnson as NSA personnel responsible for [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":2759,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-2758","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/2758"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2758"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/2758\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/2759"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2758"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2758"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2758"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}