Who's planting backdoors in Windows, and why is China speaking up now?
Chinese authorities have accused the U.S. National Security Agency (NSA) of launching advanced cyberattacks during the Asian Winter Games, held in February in Harbin. According to China’s state-run Xinhua News Agency, the attacks targeted key sectors such as energy, transportation, telecommunications, water resources, and defense research institutions in Heilongjiang Province.
The Harbin police have issued wanted notices for three alleged NSA operatives: Katherine A. Wilson, Robert J. Snelling, and Steven W. Johnson. They are accused of multiple cyberattacks against China’s critical infrastructure, including major strikes on Huawei and other domestic enterprises. The official report claims these actions aimed to undermine stability, steal confidential information, and sow chaos.
In addition to the named agents, China also implicated two U.S. universities — the University of California and Virginia Tech — although their specific roles were not detailed. The U.S. Embassy in China has not provided any public comment on the accusations.
According to the Chinese statement, the NSA used anonymized servers and IP addresses rented across Europe and Asia to mask its activity. The attacks reportedly peaked on February 3, the day of the first hockey match, and were allegedly directed at participant registration systems. The goal, according to Beijing, was to steal athletes' personal data and gain access to logistical and organizational information for the Games.
Perhaps the most striking claim is that the NSA activated "pre-installed backdoors" in Windows operating systems on specific devices within the region — reigniting long-standing suspicions that commercial software from U.S.-based companies could be leveraged for surveillance by intelligence agencies.
These accusations come amid escalating trade and diplomatic tensions between the U.S. and China. The standoff has already resulted in the suspension of American film imports into China and travel warnings issued by Beijing for Chinese citizens visiting the U.S. In return, Washington continues to accuse Chinese state-linked hackers of cyberespionage targeting U.S. government departments and allied nations.
Just last month, the U.S. formally charged a group of alleged Chinese hackers with attacks on the U.S. Department of Defense, Department of Commerce, and foreign affairs ministries of Taiwan, South Korea, India, and Indonesia — charges which Beijing has consistently denied.
The fresh wave of accusations reflects not only deepening geopolitical mistrust, but also the growing weaponization of cyberspace — where software backdoors, surveillance malware, and zero-day exploits are becoming tools of modern statecraft.