China is investigating several US nationals for allegedly orchestrating cyberattacks targeting critical infrastructure and systems related to the Asian Winter Games, held in Harbin in February 2025. These accusations mark a significant escalation in the ongoing cybersecurity tensions between the two nations, adding another layer of complexity to their already strained relationship, exacerbated by trade disputes and mutual accusations of espionage.

Chinese authorities have publicly identified three individuals—Katheryn A. Wilson, Robert J. Snelling, and Stephen W. Johnson—alleging they are agents of the US National Security Agency (NSA). The Harbin Public Security Bureau has issued warrants for their arrest, accusing them of launching "advanced cyberattacks" aimed at disrupting the Games and stealing sensitive data. Moreover, Chinese cybersecurity experts claim that artificial intelligence (AI) was used to execute these attacks.

According to state media reports, the NSA specifically targeted key sectors in China's northeastern Heilongjiang province, including energy, transportation, water resources, telecommunications, and national defense research institutions. These attacks were purportedly designed to sabotage critical information infrastructure, cause social disorder, and pilfer confidential information. The systems managing the Asian Winter Games, such as registration, arrival/departure management, and competition entry platforms, were also targeted, potentially compromising vast amounts of personal data.

Chinese officials further allege that the NSA used various methods to conceal the origin of the attacks, including purchasing IP addresses from multiple countries and anonymously renting servers in Europe and Asia. They also accused the University of California and Virginia Tech of involvement, though the specific nature of their alleged participation remains unclear.

In response to these accusations, China's Foreign Ministry has condemned the alleged cyberattacks, asserting that they "severely endanger the security of China's critical information infrastructure, national defense, finance, society, production, as well as citizens' personal information." A ministry spokesperson stated that China has raised concerns with the US and urged Washington to adopt a responsible attitude toward cybersecurity, cease all attacks, and stop making baseless accusations against China.

These allegations follow a pattern of increasing cyber tensions between the US and China. Washington has frequently accused Chinese state-backed hackers of targeting American infrastructure, government agencies, and private firms. Just last month, the US indicted several alleged Chinese hackers believed to have attacked the Defense Intelligence Agency, the Department of Commerce, and foreign ministries in Taiwan, South Korea, India, and Indonesia. Beijing consistently denies involvement in any overseas cyber espionage. However, China has, in recent years, begun publicly accusing the US of conducting similar operations.

In December 2024, Chinese officials claimed to have uncovered and addressed two American cyberattacks on domestic tech firms intended to "steal trade secrets" since May 2023, although they did not name the specific agency responsible. An early April report from China's National Computer Virus Emergency Response Center claimed the U.S. launched some 170,000 cyberattacks during the Winter Games.

Experts fear that the escalating cyber conflict could have broader implications, particularly in the context of the ongoing trade war between the two countries. Some analysts suggest that China might retaliate against US tariffs with systemic cyberattacks, leveraging existing footholds in critical infrastructure to launch destructive campaigns. The "typhoon campaigns," a series of alleged Chinese government-backed digital intrusions, have reportedly given them a robust foothold within critical infrastructure.