Chinese authorities on Tuesday accused the U.S. National Security Agency of cyberattacks targeting digital infrastructure linked to February’s Asian Winter Games, issuing arrest warrants for three alleged operatives.
The Harbin Public Security Bureau named Katheryn A. Wilson, Robert J. Snelling, and Stephen W. Johnson, claiming they worked under the NSA’s Office of Tailored Access Operations. The names were published in a report by China’s National Computer Virus Emergency Response Center and broadcast by Xinhua. No technical evidence was provided.
Translated document released by China’s Harbin Security Bureau issues a wanted notice for three alleged NSA operatives linked to the Office of Tailored Access Operations (TAO). pic.twitter.com/ShBfAdQp8N
— Uncivil Media (@uncivil_media) April 15, 2025
According to Chinese officials, the cyberattacks targeted key systems managing the Asian Winter Games, including platforms for registration, transportation, and event access. Authorities said the systems held significant amounts of personal data and accused the attackers of trying to “disrupt and undermine” the event.
China’s National Computer Virus Emergency Response Center (CVERC) claimed the NSA used front organizations to anonymously lease overseas servers and acquire IP addresses in Europe and Asia to obscure the origin of the intrusions. The report also alleged that the campaign extended beyond the Games, targeting critical infrastructure in Heilongjiang province, including energy grids, transportation systems, water resources, telecommunications, and defense research facilities. Xinhua reported that NSA actors transmitted encrypted data packets to Microsoft Windows devices within these sectors.
Chinese Foreign Ministry spokesperson Lin Jian condemned the alleged activity during a news briefing on Tuesday, calling the cyberattacks “extremely malicious” and accusing the U.S. of endangering China’s national security and the personal data of its citizens.
SOFX previously reported that, in a closed-door meeting last December, Chinese officials acknowledged their government had conducted cyberattacks on U.S. infrastructure, according to the Wall Street Journal, which cited individuals familiar with the matter.
The U.S. government has not confirmed the identities or employment status of the named individuals.
The publication of the accusations coincided with China’s National Security Education Day, an observance established by President Xi Jinping in 2015. Analysts, including Dakota Cary from cybersecurity firm SentinelOne, noted the timing suggests a domestic messaging campaign rather than a serious legal pursuit.
U.S. intelligence officials have repeatedly cited China as the most persistent cyber threat to American infrastructure.
