In the midst of rising tensions around trade, US-China cyber relations worsen as China issues warrants for three NSA agents for cyberattacks during the Asian Winter Games.
Since the news broke on the Salt Typhoon hack in late 2024, cyber relations between the US and China have become especially terse. The Salt Typhoon hack, called the “worst telecom hack in our nation’s history” compromised the metadata of many Americans and the unencrypted messages of the nation’s top officials, and persists through the work of the China-backed threat actors that make up the group. More recently, a US Senator blocked the director nomination for the top cyber agency (the Cybersecurity and Infrastructure Security Agency, or CISA) due to concerns around the lack of security in the telecommunications industry that allowed for this sort of foreign interference.
Now, China is condemning the US for cyber campaigns in the country. On April 16, 2025, the Harbin Public Security Bureau issued warrants for three US Agents they allege launched advanced cyberattacks during the 2025 Asian Winter Games (also known as Harbin 2025 for being held in Harbin, China). The three suspects identified are agents who work for the National Security Agency (NSA). Two universities, the University of California (UC) and Virginia Tech were also accused of attacking the Asian Winter Games in February.
According to the Harbin Public Security Bureau’s technical team, the cyberattack was organized by the Office of Tailored Access Operation (TAO), which used IP addresses they bought from other countries along with anonymous network servers located all over the world. In their words, The NSA “intended to use cyber attacks to steal the personal privacy data of participating athletes.” The team also claims the NSA tried to interfere with the Games by attacking the event information release system and the arrival/departure system.
In combination with the cyberattacks on Harbin 2025, separate cyber attacks (occurring at a similar time) in the Heilongjiang Province on critical infrastructure organizations in energy, transportation, communications, and national defense research institutes are being attributed to the three NSA agents. The NSA is also being accused of trying to activate specific backdoors on specific devices with the Microsoft Windows operating system. Considering the severity of the charges, it’s not surprising that there is a reward being offered to informants who can provide the relevant intelligence leading to the arrest of the identified NSA agents.
These warrants are just one part of the growing tensions between America and China. The ongoing trade war continues to get worse - as tariffs on most countries were paused, China’s tariffs were increased. The US continues to combat cyber attacks from hackers allegedly sponsored by China, even indicting 10 people for data theft and sanctioning a Chinese tech company (Shanghai Heiying Information Technology Company) this March. The disastrous Salt Typhoon hack, also attributed to China-backed sponsored hackers, is still ongoing. Interestingly enough, just as China claims that their universities were targeted by the NSA, Salt Typhoon also targeted universities in the US.
In the past, China has denied allegations of organizing cyber campaigns in the US. After the US sanctioned Sichuan Silence for its hack of Sophos firewalls and connections to Volt Typhoon operations, Mao Ning, the spokespeople for the Ministry of Foreign Affairs “urge[d] the US to stop using cybersecurity issues to smear and vilify China, and stop imposing illicit unilateral sanctions.”
Now, Lin Jian, another spokesperson for the Ministry of Foreign Affairs, has expanded on Ning’s request: “China has raised clear concerns to the U.S. through various means on its cyber attacks against China’s critical infrastructure. China urges the U.S. to adopt a responsible attitude on cybersecurity, stop conducting cyber attacks against China, and stop groundless vilification and attack against China. China will continue to take what is necessary to safeguard its own cybersecurity.”
While it’s not exactly clear what China deems necessary for their cybersecurity posture, it appears that the NSA will likely continue to regard China as a threat to our nation’s security. Still, another country labeled a security threat, Russia, has experienced the opposite - with the current Defense Secretary stopping the US Cyber Command from planning against the country. It’s very possible that a key difference - the trade war between the US and China - will serve as a critical backdrop for the next cyber news that emerges from either government.