External forces attack China's critical network infrastructure during 9th Asian Winter Games: report

A recent report released by the National Computer Virus Emergency Response Center on Thursday revealed that during the 9th Asian Winter Games in Harbin in February, external forces attempted to disrupt and interfere with the event through cyberattacks. These attacks even targeted critical network infrastructure in an attempt to create chaos and steal sensitive intelligence. According to monitoring data, 63.24 percent of the traced attacks originated from the US.
According to the "Cyber Threat Report of the 9th Asian Winter Games Harbin 2025" released by National Computer Virus Emergency Response Center and National Engineering Laboratory for Computer Virus Prevention Technology, during the Winter Games, the information systems of competition and the critical network infrastructures in Heilongjiang Province were targeted by numerous cyberattacks from abroad, with most originating from the US, the Netherlands, and other countries and regions.
The 9th Asian Winter Games was held in Harbin, Northeast China's Heilongjiang Province from February 7 to 14.
According to log analysis and data statistics from the Information Systems of Competition (ISCs), from January 26 to February 14, 270,167 cyberattacks from abroad took place. The attack frequency surged between February 7 to February 13, peaking on February 8.
"Under the active joint efforts of the cyber security team, these cyberattacks failed to have a serious impact on the games. However, it further highlights the severe situation where China's network suffers from frequent overseas attacks," the report stated.
Monitoring data revealed that since the opening of the first ice hockey game on February 3, the abnormal network traffic such as network asset discovery scans and massive port scanning to the ISCs has continued to increase, accompanied by a large number of exploitation attempts. The attacks target multiple ISCs, among which the three systems with the largest number of attacks are the information service system, the arrival and departure management system and the charging card system.
Among the identified sources of attacks, 170,864 attacks came from the US, accounting for 63.24 percent. It was followed by Singapore (40,449 times, accounting for 14.97 percent), the Netherlands (12,414 times, accounting for 4.95 percent), Germany (6,682 times, accounting for 2.47 percent), South Korea (1,281 times, accounting for 0.47 percent) and other countries and regions, according to the report.
During the event, cybersecurity teams blocked 12,602 high-risk foreign IP addresses. These addresses had attempted malicious scanning and exploits targeting the ISCs, aiming to steal data or directly damage systems. Most originated from Digital Ocean cloud service hosts.
From January 31 to February 14, cyberattacks on critical network infrastructure in Heilongjiang Province came mainly from the US and its allies, says the report. Statistics show that during this period, the top three sources of the attacks were the Netherlands (37.98 million times), US (11.79 million times), and Thailand (7.2 million times). Australia, the United Kingdom, Germany, Lithuania, Canada, Japan and Singapore, in turn, ranked fourth to tenth.
"It is worth noting that in January 2025, the National Computer Network Emergency Response Technical Team/Coordination Center of China has released the investigative reports detailing recent cyberattacks on Chinese tech firms from US intelligence agencies. The report also stated that the US frequently used cloud servers in the Netherlands, Germany, and other European countries as proxy or relay hosts," the report read.
"In response, the cybersecurity team conducted attribution analysis. Based on the TTPs, timeline, timezone, language and other behavioral characteristics, cyber security team highly suspected that the cyberattacks on ISCs and the critical network infrastructures in Heilongjiang Province during the 9th Asian Winter Games were related to the US government," the report read.
"We strongly condemn such malicious cyberattacks against international civilian exchanges activities, and we will submit the attack details and evidence to public security authorities," the report stressed.
In response to a media inquiry about the cyberattacks, Chinese Foreign Ministry spokesperson Guo Jiakun said, "We have taken note of the report and are seriously concerned about the malicious cyber activities it exposes."
The report once again shows that China is one of the main victims of cyberattacks globally, Guo noted.
"During the 2025 Asian Winter Games, the US and some of its allies were the main sources of cyberattacks against China," Guo said. He urged the US to adopt a responsible attitude, engage in self-reflection, and refrain from smearing others. China will continue to take necessary measures to safeguard its cybersecurity, he added.
Du Zhenhua, a senior engineer from the National Computer Virus Emergency Response Center, told the Global Times that the latest report serves as the strongest rebuttal to the US' repeated hype about alleged Chinese cyberattacks..
He noted that the US continued to exaggerate false information about cyberattacks on the US by so-called "Chinese-backed" organizations. "The US has repeatedly made unfounded accusations against China while failing to provide any solid evidence—this is a classic case of the thief crying stop thief," he stated.
The expert noted that documents, including those leaked by Edward Snowden, proved that the US National Security Agency and other departments had implemented a strategy of cyber deterrence by means of backdoor programs, research and development of cyberweapons, improvement of attacking means, and exploitation of allied networks, and that they have continued developing proactive cyberattacking capabilities, infiltrating and infringing on the cyber sovereignty of multiple nations.
The US conducts indiscriminate and boundless cyber-espionage worldwide and is truly the "Hacker Empire" of global cyber surveillance, Du said.