The Harbin Public Security Bureau in northeast China's Heilongjiang Province on Tuesday issued a wanted notice for three agents of the U.S. National Security Agency (NSA), accusing them of launching cyberattacks on the 9th Asian Winter Games in Harbin and key information systems in China.
According to a report released on April 3 by the National Computer Virus Emergency Response Center (CVERC), the Games' information systems were hit 270,000 times, while 50 million attacks were launched against critical infrastructure across Heilongjiang Province -- all traced back to foreign sources, or more specifically, from the U.S. and its allies.
Chinese investigators said forensic analysis identified the culprits as the U.S. National Security Agency (NSA)'s agents Katheryn A. Wilson, Robert J. Snelling, and Stephen W. Johnson. who have a history of targeting China's critical infrastructure and companies like Huawei with cyberattacks.
Zhou Hongyi, founder of Chinese cyber security company 360 Group, has described the successful identification of individual foreign agents as a historic milestone.
"Over the past few years, we repeatedly uncovered attacks by the U.S. on Northwestern Polytechnical University and a range of our country's key research and military-industrial infrastructure. It took us nearly ten years to build a comprehensive knowledge base of their attack methods and tactics. Tracing this incident back to three individual agents is a major breakthrough in history," Zhou said.
The Harbin police, in coordination with CVERC and the Games' cybersecurity task force, launched a full-scale investigation immediately after the attacks were discovered.
"The cyberattacks targeting the 9th Asian Winter Games were highly precise. If any of these critical operational systems were compromised -- whether through data theft or destruction -- it would have had a significant impact on the entire event. Based on the IP addresses, we can see that most of the attacks originated from organizations in the U.S. and its allies, which represents the highest level of cyberattack capability globally," said Wu Yunkun, president of Qi An Xin Group, another cyber security company.
Analysts also found out that the attacks involved artificial intelligence (AI) technology to automate and optimize intrusion tactics.
"This time, the U.S. NSA acted unusually, launching a massive-scale attack. Based on our analysis of the attack codes, they used AI agent technology - employing AI to plan attack strategies, search for vulnerabilities, and monitor network traffic. Some of the codes were clearly written by AI, meaning they achieved the ability to automatically and rapidly generate dynamic attack codes during the operation of attacks," Zhou said.
Chinese police issue wanted notice for U.S. NSA agents over cyberattacks
