Chinese Police Accuses 3 U.S. NSA Operatives of Cyber Attacks to Disrupt Harbin Winter Games

Authorities in northeastern China have accused three operatives from the United States National Security Agency (NSA) of launching cyberattacks designed to disrupt the February 2025 Asian Winter Games in Harbin.

The Harbin police said Tuesday that the suspects — identified as U.S. Citizens Katheryn A. Wilson, Robert J. Snelling, and Stephen W. Johnson — have been placed on a wanted list in connection with a series of cyber operations attributed to the NSA’s Office of Tailored Access Operations.

The attacks reportedly targeted not only the Winter Games’ digital infrastructure but also broader systems across Heilongjiang province. Investigators say the cyber campaign included registration databases, athlete entry systems, and arrival-departure platforms — all critical to the smooth execution of the February event.

Authorities also reported that multiple sectors such as energy, transportation, water resources, telecommunications, and defense research institutions in the region were affected.

“There is clear evidence that artificial intelligence was used throughout the operation,” said Zhou Hongyi, founder of 360 Security Technology, a Chinese cybersecurity firm that participated in the probe.

Zhou described the cyberattacks as “unprecedented” in scope and speed, noting that some of the code used was generated in real time by AI systems. “These AI tools were capable of exploring vulnerabilities, monitoring traffic, generating tools, and launching attacks autonomously,” Zhou added.

Technical experts believe that large AI models and intelligent agents allowed attackers to simulate and deploy numerous digital hackers simultaneously.

Investigators said that to hide its digital footprint, the NSA allegedly used front companies to purchase global IP addresses and rent servers across Europe and Asia. They also noted that encrypted data packets were transmitted to Windows-based devices during the Games, likely attempting to activate hidden backdoors.

The peak of the attacks came on February 3, coinciding with the first ice hockey match, when systems directly related to the event’s operation were hit.

In total, Chinese technical teams said they registered more than 270,000 cyberattacks linked to this campaign.

The police further claimed that the three accused agents had also been involved in past operations against Chinese targets, including Huawei. Institutions such as the University of California and Virginia Tech were also named as being involved in the larger campaign.

Following the attacks, experts from the National Computer Virus Emergency Response Center and 360 Security Technology launched an investigation to trace the sources and methods used.

As of now, U.S. officials have not publicly responded to the allegations.