China accuses NSA of 'advanced cyberattacks' during the Asian Winter Games

Big banks limit info-sharing with Comptroller of the Currency following hack, Hertz suffered breach in Cleo zero-day theft, DOGE barged into NLRB violating security and conflict standards, Business services giant Conduent hacked, Dialysis chain hacked, much more



Police in the northeastern city of Harbin added three alleged NSA agents to a wanted list and also accused the University of California and Virginia Tech of being involved in the attacks after carrying out investigations.

"The U.S. National Security Agency (NSA) launched cyber attacks against important industries such as energy, transportation, water conservancy, communications, and national defence research institutions in Heilongjiang province," Chinese newspaper Xinhua said, citing the Harbin city public security bureau.

Xinhua said the NSA operations occurred during the Winter Games and were "suspected of activating specific pre-installed backdoors" in Microsoft Windows operating systems on specific devices in Heilongjiang.

To cover its tracks, the NSA purchased IP addresses in different countries and "anonymously" rented many network servers, including in Europe and Asia, Xinhua said.

The news agency said that the NSA intended to use cyberattacks to steal the personal data of participating athletes, adding that the cyber attacks peaked from the first ice hockey game on February 3. The attacks targeted information systems such as the Asian Winter Games registration system and stored "sensitive information about the identities of relevant personnel of the event," Xinhua said.

The NSA agents were identified as Katheryn A. Wilson, Robert J. Snelling, and Stephen W. Johnson. The three were also found to have "repeatedly carried out cyber attacks on China's critical information infrastructure and participated in cyber attacks on Huawei and other enterprises."

It's unclear how the two American universities were involved. (Laurie Chen, Liz Lee, Qiaoyi Li, Colleen Howe, and Farah Master / Reuters)

Related: CGTN, Fortune, Wall Street Journal, Bloomberg, Xinhua, Al Jazeera, r/worldnews, DW, Al Jazeera English, Hong Kong Free Press HKFP, Ecns

Sources say some of America's biggest banks, including JPMorgan Chase & Co. and Bank of New York Mellon Corp., are limiting the sharing of information with the Office of the Comptroller of the Currency because they are concerned about potential security risks to their computer networks following a major hack of the regulator’s emails.

The moves follow a major breach of the OCC’s email system, in which hackers spied on more than 100 accounts for more than a year.

The OCC and the US Treasury deemed the breach a “major incident” that gave hackers access to highly sensitive information about the financial health of federally regulated financial firms.

As well as standard financial information, the material banks regularly provide to the OCC includes reports about their cybersecurity protections, vulnerability assessments, and even the content of National Security Letters, which often contain highly confidential information about terrorism, espionage, and other investigations. (Jordan Robertson, Jake Bleiberg, Hannah Levitt, and Todd Gillespie / Bloomberg)

Related: Finextra, PYMNTS

Car rental giant Hertz Corporation warns it suffered a data breach after customer data for its Hertz, Thrifty, and Dollar brands was stolen in the Cleo zero-day data theft attacks.

Hertz said, "On February 10, 2025, we confirmed that Hertz data was acquired by an unauthorized third party that we understand exploited zero-day vulnerabilities within Cleo's platform in October 2024 and December 2024."

The company says that the data varies per individual but could contain customers' names, contact information, date of birth, credit card information, driver's license information, and information related to workers' compensation claims.

In addition, Hertz says a small number may have had their Social Security numbers or government identification stolen.

Hertz is now offering customers two years of free identity monitoring services and advising those impacted to be on the lookout for potential fraud. (Lawrence Abrams / Bleeping Computer)

Related: Hertz, Reuters, TechCrunch, Security Week, Bloomberg, TechRadar, The Verge, Cybernews, Techzine, Security Affairs, Investing.com, Seeking Alpha

According to a whistleblower declaration filed by Daniel Berulis with Congress, Elon Musk's DOGE initiative appeared to focus on accessing the National Labor Relations Board's internal systems, removing sensitive data and covering its tracks, ignoring standard security practices, and violating conflict of interest requirements, given that Elon Musk's businesses are the subject of NLRB investigations, among other elements.

According to Berulis, DOGE requested access to the data without allowing it to be tracked, violating cardinal cybersecurity practices.

Multiple ongoing cases involve the NLRB and companies controlled by Musk. After a group of former SpaceX employees complained to the NLRB, lawyers representing SpaceX, some recently hired into government jobs, filed suit against the NLRB. They argued that the agency's structure is unconstitutional. (Jenna McLaughlin / NPR)

Related: NPR

The wife of data privacy professor Xiaofeng Wang, who was fired from his tenured job at Indiana University, Bloomington (IU), the same day the couple’s houses were searched by the Federal Bureau of Investigation last month, said that she believes her family has been unfairly targeted by the US government and is the victim of what she described as “misplaced accusations of academic misconduct.”

This is the first time Ma has spoken publicly since the FBI searches occurred in late March. She appeared at a webinar hosted by the Asian American Scholar Forum (AASF), a nonprofit group formed in early 2021 to advocate for the rights and recognition of Asian American scholars. Ma worked as a library analyst at the university before she was also abruptly fired from IU days before the FBI searched two of the couple's homes.

Wang’s case has raised concerns among academics that a shuttered Department of Justice program called the China Initiative is being revived under the new Trump administration.

The campaign, which was started during President Trump’s first term in office with the stated goal of combating economic espionage, was accused by critics of unfairly targeting Chinese-born researchers and other Asian-immigrant and Asian-American academic communities. The DOJ later abandoned the program under the Biden administration after it lost or withdrew several associated cases. (Zeyi Yang / Wired)

Related: Indiana Daily Student

In an SEC filing, business services giant and government contractor Conduent said a hacker accessed a “limited” portion of the company’s systems and stole files for some clients.

The company said that an “operational disruption” occurred on Jan. 13. It restored affected systems and returned to normal operations within days or sometimes hours.

The stolen files were associated with a “limited” number of clients. Due to their complexity, Conduent engaged data mining experts and determined that the data sets contained “a significant number of individuals’ personal information associated with our clients’ end-users.” The company is continuing to analyze the incident to determine the impact of the stolen data and is informing clients “as appropriate to determine next steps as required by federal and state law.”

The stolen data hasn’t yet been posted on the dark web or “otherwise publicly,” the company said. (Andrew Martin / Bloomberg)

Related: CRN, Bleeping Computer, Cybernews, iZOOlogic

In an SEC filing, dialysis chain provider DaVita said it was hit by a ransomware attack that encrypted certain elements of its network, and some of its operations remained disrupted despite interim measures.

The company has continued to provide patient care while taking measures to restore certain functions, but it could not "estimate the duration or extent of the disruption at this time."

DaVita discovered the cyberattack on Saturday and is now assessing the incident with third-party cybersecurity professionals. It has also notified law enforcement about the attack. (Bhanvi Satija / Reuters)

Related: SEC, Bleeping Computer, Healthcare Innovation, The HIPAA Journal, San Antonio Express-News, Modern Healthcare, TechTarget, BankInfoSecurity, CT Insider, Wall Street Journal

KiloEx, a decentralized perpetuals trading platform, confirmed it suffered a $7.5 million exploit on April 15 due to a price oracle vulnerability, which prompted the exchange to suspend all platform operations while investigations continue.

The exploit was first detected by the blockchain security platform Cyvers Alerts. Security experts quickly identified the attack as targeting multiple blockchains, including Base, opBNB, and BNB Chain (BSC).

KiloEx immediately took action to contain the breach. “The team has immediately suspended platform usage and is working with security partners to trace the flow of funds,” the company stated in an April 14 announcement on X (formerly Twitter). (Oliver Dale / CoinCentral)

Related: crypto.news, cryptorank, Decrypt, CoinDesk

Recent layoffs at the Department of Health and Human Services that were supposed to affect only "redundant or unnecessary administrative positions" included one entire IT division encompassing the chief information officer, chief security officer, and all IT workers.

According to HHS, across the department's 28 divisions, the department had 41 chief information officers. (Andrew Fox / Healthcare IT News)

Related: Wired

Apple announced it will begin analyzing data on customers’ devices to improve its artificial intelligence platform. This move is designed to safeguard user information while helping Apple catch up with AI rivals.

Apple typically trains AI models using synthetic data—information meant to mimic real-world inputs without personal details. However, that synthetic information doesn’t always represent actual customer data, making it harder for its AI systems to work properly.

The new approach will address that problem while ensuring that user data remains on customers’ devices and isn’t directly used to train AI models. The idea is to help Apple catch up with competitors such as OpenAI and Alphabet Inc., which have fewer privacy restrictions.

The company will roll out the new system in an upcoming beta version of iOS, iPadOS 18.5, and macOS 15.5. Developers were provided a second beta test of those forthcoming releases.

The iPhone maker also said it is bringing privacy-centric ways to improve the models that power other Apple Intelligence features, such as Image Playground, Image Wand, Memories Creation, and Visual Intelligence. (Mark Gurman / Bloomberg)

Related: Macworld, 9to5Mac, MacRumors, AppleInsider, Apple Machine Learning, Redmond Pie, BGR, iClarified

The UK government's latest annual data breach survey shows the number of ransomware attacks on the isles is increasing, with many organizations forced to constantly and informally ask company directors for defense spending because there are no security people on the board.

Compared to the previous year, when the survey showed that less than 0.5 percent of organizations reported ransomware events, the proportion has risen to 1 percent of all organizations, an estimated 19,000.

The survey split the data between businesses and charities, revealing the former is far more susceptible to ransomware. The data showed that 7 percent of businesses (micro, small, medium, and large) that were victims of cybercrime were hit by ransomware in the past 12 months. However, this represents 1 percent of businesses overall.

The proportion of charities that were ransomware victims stood at fewer than 0.5 percent. (Connor Jones / The Register)

Related: BetaNews, Tech Monitor, The Stack, ITPro, GOV.UK


Best Thing of the Day: Big Balls' Lasting Legacy?

A recent ransomware operation that has revealed a blend of technical sophistication and psychological manipulation, setting it apart from conventional attacks, has been named DOGE BIG BALLS Ransomware in honor of one of Elon Musk's most infamous DOGE workers.

Worst Thing of the Day: Plundering Sensitive Government Data to Hunt Down Desperate Immigrants

Elon Musk's DOGE initiative is using personal data normally protected from dissemination to find undocumented immigrants where they work, study, and live, often intending to remove them from their housing and the workforce.
