China’s National Computer Virus Emergency Response Center on Thursday released a report detailing how external forces attempted to disrupt the 9th Asian Winter Games in Harbin this February through cyberattacks.
While the event garnered widespread attention both domestically and internationally, it also became a target for cyberattacks, according to the report.
The agency stated that the cyberattacks primarily aimed at critical network infrastructure in an attempt to induce chaos and steal sensitive data with a significant majority of the traced attacks originated from the United States.
“The information systems for the competition and the critical network infrastructures in Heilongjiang Province were targeted by numerous cyberattacks from abroad, with most originating from the US, the Netherlands, and other countries and regions,” the report noted.
The centre revealed that its data monitoring indicated abnormal network traffic since the games’ opening on February 3, including network asset discovery scans and extensive port scanning directed at the ISCs. The number of attacks fluctuated, with a notable increase between February 7 and February 13, peaking on February 8.
“Among the identified sources of attacks, 170,864 originated from the US, accounting for 63.24 percent. This was followed by Singapore (40,449 times, accounting for 14.97 percent), the Netherlands (12,414 times, accounting for 4.95 percent), Germany (6,682 times, accounting for 2.47 percent), South Korea (1,281 times, accounting for 0.47 percent), and other countries and regions,” it explained.
However, the agency stated that the cyberattacks did not have a serious impact on the games, although they highlight the significant threat posed by frequent overseas attacks on China’s network.
The centre further disclosed that during the sporting event, cybersecurity teams blocked 12,602 high-risk foreign IP addresses. The listed addresses are said to have attempted malicious scanning and exploits targeting the ISCs, with the intent to steal data or directly damage systems. Most, according to the report, were traced back to Digital Ocean cloud service hosts.
“It is noteworthy that in January 2025, the National Computer Network Emergency Response Technical Team/Coordination Centre of China released investigative reports detailing recent cyberattacks on Chinese tech firms by US intelligence agencies. The report also stated that the US frequently utilized cloud servers in the Netherlands, Germany, and other European countries as proxy or relay hosts,” the report stated.
“We strongly condemn such malicious cyberattacks against international civilian exchange activities and will submit the attack details and evidence to public security authorities,” stated the centre.
Du Zhenhua, a senior engineer from the National Computer Virus Emergency Response Center, remarked that the latest report serves as an indictment of the US amid its repeated claims regarding alleged Chinese cyberattacks. He noted that the US continues to exaggerate false information about cyberattacks attributed to so-called “Chinese-backed” organizations.
“The US has repeatedly made unfounded accusations against China while failing to provide any solid evidence—this is a classic case of the thief crying ‘stop thief,’” he stated.
The official highlighted that documents, including those leaked by Edward Snowden, prove that the US National Security Agency and other departments have implemented a strategy of cyber deterrence through backdoor programmes, the research and development of cyberweapons, the enhancement of attacking capabilities, and the exploitation of allied networks. He further pointed out that they have continued to develop proactive cyberattacking capabilities, infiltrating and infringing on the cyber sovereignty of multiple nations.
The report condemned cyberattacks targeting major international events and confirmed that details had been submitted to public security authorities.
