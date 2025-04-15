Police authorities in Harbin, in northeast China's Heilongjiang Province, said on Tuesday that they are pursuing three operatives affiliated with the US National Security Agency (NSA) over suspected cyberattacks against China.

The Harbin public security bureau said that the three operatives — Katheryn A. Wilson, Robert J. Snelling, and Stephen W. Johnson — had been engaged in cyberattacks targeting the Asian Winter Games held in the city in February.

Investigations by Chinese technical teams revealed that the cyberattacks were carried out by the Office of Tailored Access Operations of the NSA. To conceal the origins of its attacks and secure its cyber weapons, the office used multiple affiliated front organizations to purchase IP addresses from various countries and anonymously rented servers located in regions including Europe and Asia.

Investigations revealed that the NSA focused its pre-event cyberattacks on critical systems of the Asian Winter Games, including registration, arrival/departure management, and competition entry platforms, authorities said. These systems, essential for pre-event operations, stored vast amounts of sensitive personal data of individuals associated with the Games.

From February 3, coinciding with the first ice hockey match, NSA cyberattacks peaked, primarily targeting critical operational systems such as the event's official information platforms. These systems were vital for ensuring the smooth running of the Games, and the NSA attempted to disrupt them to undermine their normal operations.

Meanwhile, the NSA launched cyberattacks targeting critical infrastructure sectors in Heilongjiang Province, including energy, transportation, water resources, telecommunications, and defense research institutions, authorities said.

Technical teams also discovered that during the Asian Winter Games, the NSA transmitted unknown encrypted data packets to specific devices running Microsoft Windows operating systems within the province. These packets are suspected to have been attempts to activate or trigger pre-implanted backdoors in the Windows systems, authorities added.

Further investigations revealed that the three NSA operatives had repeatedly launched cyberattacks against China's critical information infrastructure and participated in cyber operations targeting companies such as Huawei.

Technical teams also uncovered evidence implicating the University of California and Virginia Tech in the coordinated cyber campaign against the Asian Winter Games, authorities stated.