China's National Computer Virus Emergency Response Center (CVERC) disclosed on Thursday that the 9th Asian Winter Games' information systems suffered over 270,000 cyberattacks during the event, with most originating from overseas.
According to a technical analysis report, the cyberattacks started to surge on Feb 3, the first day of competition in the 9th Asian Winter Games.
"Since the first ice hockey match on Feb 3, our cybersecurity team detected a continuous surge in abnormal network traffic targeting the Games' information systems, including extensive asset probing, port scanning, and vulnerability exploitation attacks," said Du Zhenhua, a senior engineer at CVERC.
Cybersecurity experts revealed that the attacks primarily employed network probing and scanning techniques to identify system vulnerabilities, followed by exploitation of known security flaws to infiltrate networks.
Forensic analysis of the attackers' methods confirmed their primary focus was the Games' core event management systems.
"The attackers primarily targeted three critical systems: the competition information release system, arrival and departure management system, and payment card system. These systems are vital for the press release of important event information, the coordination of personnel and materials, and the overall organization and management of the event, containing sensitive data. The attacks had dual purposes, which are stealing confidential information and disrupting event operations through system sabotage," Du said.
According to the report, the Asian Winter Games' event information systems suffered 270,167 cyberattacks from overseas between Jan 26 and Feb 14, 2025. The attacks followed a fluctuating upward trend, with a sharp surge from the Games' opening on Feb 7 until the closing phase on Feb 13. The peak occurred on Feb. 8.
During the event, cybersecurity teams blocked 12,602 high-risk malicious IP addresses that were involved in malicious scanning, vulnerability exploitation, and attempts to infiltrate systems, steal data, or sabotage operations. Most attacks originated from foreign cloud service hosts.
"[Our analysis shows] the primary source of cyberattacks on Games systems is the United States, with over 170,000 attacks, accounting for more than 60 percent of the total. As for the cyberattacks on the critical information infrastructure of Heilongjiang Province, the majority of these attacks come from the Netherlands, with more than 30 million incidents," Du said.
Du said that, based on previous analysis, such a pattern is consistent with U.S. intelligence agencies using European hosts as proxies.
"The public security agencies have received complete data on the attacks from CVERC and the Games' cybersecurity team. We will deploy specialized technical units to thoroughly trace the attackers and take resolute legal action against them," said Sun Lifu, Deputy Director of the Harbin Public Security Bureau.
China reports foreign cyberattacks on Asian Winter Games computer systems
