In a dramatic escalation of the ongoing cyber cold war between the world’s two largest economies, China has publicly accused the United States National Security Agency (NSA) of orchestrating a series of highly sophisticated cyberattacks. According to a detailed report released by China’s state news agency, Xinhua, the alleged operations targeted critical infrastructure and sensitive data during the 2024 Asian Winter Games held in Harbin, Heilongjiang Province.
Alleged Targets: Energy, Defense, and the Winter Games
Chinese authorities claim the NSA’s cyber operations specifically focused on key sectors such as energy, transportation, communications, water conservancy, and national defense research institutions. These attacks reportedly occurred in the lead-up to and during the Asian Winter Games in February. Law enforcement officials in Harbin stated that the goal was to sabotage China’s critical information infrastructure, create social disruption, and extract confidential data of national importance.
Xinhua’s report paints a vivid picture of the scope of the attacks. The NSA allegedly exploited vulnerabilities in pre-installed backdoors in Microsoft Windows operating systems—targeting select devices in Heilongjiang province. The cyberattacks were said to have peaked around February 3, coinciding with the first ice hockey match of the Games.
High-Profile Individuals Named
In a rare move, Chinese police added three individuals—identified as Katheryn A. Wilson, Robert J. Snelling, and Stephen W. Johnson—to their wanted list, accusing them of being NSA agents who “repeatedly carried out cyberattacks” on China’s critical information systems. The trio also allegedly participated in long-term surveillance and sabotage attempts against Chinese tech giants, including Huawei.
Although the accusations are extensive, the report falls short of detailing exactly how the named individuals were identified or what specific roles they played in the operation.
U.S. Universities Caught in the Crossfire
Surprisingly, the accusations extend beyond government agencies and into the academic world. China named the University of California and Virginia Tech as institutions allegedly involved in the cyber operations. However, no technical details were shared about the nature of their participation or the extent of their involvement. As of now, both universities have not issued any public statements regarding the allegations.
Anonymous Infrastructure and Global IP Masking
The Xinhua report goes on to describe the NSA’s alleged efforts to cover its tracks. According to Chinese investigators, the NSA purchased IP addresses from multiple countries and anonymously leased a vast number of network servers located in Europe and Asia. This global infrastructure was reportedly used to disguise the origin of the attacks, making detection and attribution significantly more difficult.
Furthermore, the NSA is accused of attempting to access personal data belonging to athletes participating in the Asian Winter Games. Chinese authorities claim the registration systems and event personnel databases were specifically targeted to gain sensitive information, raising concerns about the integrity and privacy of global sporting events.
Beijing Responds, Demands Accountability
Following the report, China’s Ministry of Foreign Affairs issued a stern statement urging Washington to adopt a more “responsible attitude” toward cybersecurity. Foreign Ministry spokesperson Lin Jian confirmed that China had officially raised its concerns with the United States.
“We urge the U.S. to stop launching unprovoked attacks and smears against China and to behave responsibly in the global cyberspace,” Lin said during a regular press briefing.
Broader Geopolitical Implications
This isn’t the first time cyber accusations have flown between the two superpowers, but the timing and specificity of this report are significant. Relations between the U.S. and China have already been strained by a widening trade war, mutual sanctions, and restrictions on tech and cultural exchange. In recent months, China has issued travel warnings to its citizens visiting the U.S. and suspended the import of several American films.
This latest incident adds yet another layer of complexity to an already volatile bilateral relationship. By naming specific individuals and institutions, China appears to be signaling a shift in its cyber diplomacy—moving from quiet complaints to direct, public confrontation.
A Pattern of Mutual Accusations
The United States routinely accuses Chinese state-sponsored hackers of targeting its government bodies and critical infrastructure. Just last month, Washington announced a wave of indictments against alleged Chinese hackers who were said to have infiltrated the U.S. Defense Intelligence Agency, the Department of Commerce, and the foreign ministries of several Asian nations, including Taiwan, South Korea, and India.
Beijing, for its part, has consistently denied involvement in cyber espionage activities abroad. However, it has recently begun to mirror Washington’s strategy by making its own cyber allegations public. In December 2024, Chinese officials claimed they had detected and neutralized two U.S.-backed cyberattacks on domestic tech companies with the goal of “stealing trade secrets.” Although no agency was named at the time, today’s revelation links those efforts directly to the NSA.
What’s Next?
While the U.S. Embassy in China has not responded to requests for comment, international observers will be watching closely to see how the U.S. government and the named institutions respond. The accusations raise troubling questions about the future of cybersecurity cooperation—or lack thereof—between the two global powers.
As digital warfare becomes an increasingly dominant battlefield, incidents like these highlight the urgent need for an international framework for cyber conduct. Without it, the world risks sliding deeper into a shadow war where accusations, espionage, and retaliation become the norm.
