Harbin Public Security Bureau has issued a public warrant for three United States National Security Agency (NSA) agents after uncovering over 270,000 network attacks aimed at systems supporting the Ninth Asian Winter Games.
The assaults, unfolding before and during the event in early February, targeted key infrastructure across Heilongjiang province: energy grids, transport networks, water supplies, communications and even national defense research facilities.
Tracing the Breach
Collaborating with the National Computer Virus Emergency Response Center and domestic cybersecurity firms including 360 Group, investigators linked the intrusions to NSA's Information Intelligence Directorate (code-named S) and its Tailored Access Operations office (TAO, code-named S32).
Detailed analysis revealed that three NSA operatives and two U.S. universities (the University of California and Virginia Tech) were involved in orchestrating the campaign. Over 170,000 probes originated directly from the United States, accounting for more than 60% of the activity. Attackers masked their tracks by routing traffic through hosts in the Netherlands and other European countries, while leasing servers across continents to avoid detection.
AI-Driven Warfare
According to Bian Liang, Deputy Director of 360 Group's Advanced Threat Research Institute, AI played a starring role. "In contrast to traditional manual reconnaissance, parts of the attack code were dynamically generated by AI to scan vulnerabilities and adapt on the fly," he explained. "This amounts to a fleet of digital hackers capable of rapidly probing multiple targets and designing bespoke attack tools, posing a severe challenge to national defenses."
Zero-Day Time Bombs
Investigators found that zero-day exploits were used to plant dormant malware (so-called "digital time bombs") within competition systems, including registration portals, arrivals and departures management and competition entry platforms that handle sensitive personnel and logistics data.
High-Tech Cat-and-Mouse
Cyber sleuths traced the attack paths by spotting unusual late-night data flows and unexplained connections to unrecognized servers. By analyzing packet origins, destinations and content, they reconstructed the intruders' digital routes and matched them against a database of known intrusion signatures.
Investigators also noted the attackers' seasonal work habits (avoiding weekends and Western holidays) as key clues. Once identified, the three NSA agents were linked to previous campaigns targeting Huawei and other critical assets on the Chinese mainland.
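The two network signals described in this section, late-night data flows and connections to unrecognized servers, can be triaged from flow records as sketched here. This is an added example, not code from the investigation or from 360 Group; the UTC+8 local time, the 00:00-05:59 quiet window, the allowlisted networks and the sample records are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network

# Constructed sample flow records (UTC timestamps, documentation address ranges).
SAMPLE_FLOWS = """ts,src,dst,bytes_out
2025-02-03T01:12:00+00:00,10.0.4.17,192.0.2.10,1200
2025-02-03T18:40:00+00:00,10.0.4.17,203.0.113.45,48000000
2025-02-03T19:05:00+00:00,10.0.4.17,203.0.113.45,51000000
2025-02-03T19:30:00+00:00,10.0.4.22,192.0.2.10,900
2025-02-04T03:00:00+00:00,10.0.4.22,198.51.100.7,300
"""

LOCAL_TZ = timezone(timedelta(hours=8))   # assumption: site local time is UTC+8
QUIET_HOURS = range(0, 6)                 # assumption: 00:00-05:59 local counts as late night
KNOWN_NETS = [ip_network("10.0.0.0/8"), ip_network("192.0.2.0/24")]  # assumed allowlist

def reasons_for(ts, dst):
    """Return the signals a single flow shows."""
    reasons = []
    if ts.astimezone(LOCAL_TZ).hour in QUIET_HOURS:
        reasons.append("late-night")
    if not any(ip_address(dst) in net for net in KNOWN_NETS):
        reasons.append("unrecognized-destination")
    return reasons

def triage(flow_csv):
    """Aggregate flagged flows per (src, dst) pair, most suspicious first."""
    hits = defaultdict(lambda: {"bytes_out": 0, "flows": 0, "reasons": set()})
    for row in csv.DictReader(io.StringIO(flow_csv)):
        reasons = reasons_for(datetime.fromisoformat(row["ts"]), row["dst"])
        if not reasons:
            continue
        entry = hits[(row["src"], row["dst"])]
        entry["bytes_out"] += int(row["bytes_out"])
        entry["flows"] += 1
        entry["reasons"].update(reasons)
    # Pairs showing both signals rank first, then by outbound volume.
    return sorted(hits.items(),
                  key=lambda kv: (-len(kv[1]["reasons"]), -kv[1]["bytes_out"]))

if __name__ == "__main__":
    for (src, dst), info in triage(SAMPLE_FLOWS):
        print(src, dst, info["flows"], info["bytes_out"], sorted(info["reasons"]))
```

Ranking pairs that show both signals above pairs that show only one keeps routine overnight jobs to known hosts from crowding out the flows worth packet-level review.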
Shoring Up Defenses
Zhou Hongyi, founder and chairman of 360 Group, warned that state-level threat actors are now operating in an era of AI-driven cyber warfare. "Large-scale automated vulnerability discovery and intelligent malware generation have broken traditional time-space constraints, elevating network conflict to a new, more dangerous phase," he said.
With geopolitical tensions on the rise, experts urge critical infrastructure operators to build comprehensive security data repositories, deploy proactive threat monitoring, cultivate expert response teams and leverage AI-powered defense models to match the sophistication of modern cyber adversaries.
Reference(s):
Harbin Police Issue Warrant for Three NSA Agents After 270,000 Cyberattacks on Asian Winter Games
bjnews.com.cn