Over 10 petabytes of sensitive military and research data reportedly compromised from Tianjin's National Supercomputing Center
Category: Technology
In a stunning breach of cybersecurity, a hacker has allegedly siphoned off more than 10 petabytes of sensitive data from a state-run supercomputer in China, marking what could be the largest known data heist in the country’s history. The data, which includes highly classified defense documents and missile schematics, is believed to have been taken from the National Supercomputing Center (NSCC) in Tianjin, a facility that provides infrastructure services for over 6,000 clients, including advanced science and defense agencies.
The hacker, operating under the pseudonym FlamingChina, posted a sample of the stolen data on an anonymous Telegram channel on February 6. This sample claimed to encompass research across various fields, including aerospace engineering, military research, bioinformatics, and fusion simulation. Experts who have reviewed the data assert that it appears genuine, raising alarms about the security of one of China’s most strategically important computing hubs.
According to cybersecurity experts, the sheer volume of the data stolen—over 10 petabytes—is staggering. To put this into perspective, one petabyte equals 1,000 terabytes, and a high-spec laptop typically holds around one terabyte. The implications of such a breach are enormous, particularly as the dataset reportedly contains information linked to major organizations such as the Aviation Industry Corporation of China, the Commercial Aircraft Corporation of China, and the National University of Defense Technology.
Cybersecurity analyst Dakota Cary, who has examined the leaked material, noted, “They’re exactly what I would expect to see from the supercomputing center. You would use supercomputer centers for large computational tasks. The swath of samples that the sellers put out really speaks to the breadth of customers that this supercomputing center had.”
Experts indicate that the hacker managed to infiltrate the NSCC with comparative ease, extracting data over several months without raising alarms. The attacker reportedly gained access through a compromised VPN domain and deployed a botnet—an automated network of programs—to extract and store data across multiple servers. This distributed approach allowed the hacker to avoid detection by security systems that monitor for unusual data movements.
Marc Hofer, a cybersecurity researcher who contacted the hacker, explained that the extraction process took approximately six months. “You can think of it as having a bunch of different servers that you have access to and you’re pulling data through this hole in the security of the NSCC,” Cary elaborated. “By distributing the extraction across many systems simultaneously, the attacker reduced the risk of triggering an alert.”
The hacker is reportedly offering limited previews of the data for thousands of dollars, with full access priced at hundreds of thousands, and payment is requested in cryptocurrency. This raises questions about the security of the NSCC and about the potential buyers for such sensitive information. Experts believe that only state intelligence services would have the capacity to process and analyze such a massive dataset effectively.
Jake Moore, a Global Cybersecurity Advisor at ESET, commented, “This could be absolutely huge, and it shows even top-tier, state-backed infrastructure isn’t immune to relentless attacks. When a target is this lucrative and holds such a treasure trove of information, it is often assumed inevitable that it would be attacked constantly via a range of sophisticated techniques.”
If the breach is confirmed, it would not only be embarrassing for the Chinese government but could also expose vulnerabilities in its technological infrastructure. China has been striving to become a leader in technology and artificial intelligence, and this incident highlights persistent weaknesses in cybersecurity that have been acknowledged by the government itself. In its 2025 National Security White Paper, China emphasized the need for “robust security barriers for the network, data, and AI sectors,” acknowledging that cybersecurity has been a longstanding issue.
Historically, China’s cybersecurity has faced scrutiny, with previous incidents illustrating systemic vulnerabilities. For example, in 2021, a massive online database containing the personal information of approximately one billion Chinese citizens was left unsecured for over a year, only drawing attention when a hacker forum offered the data for sale.
As the implications of this breach continue to unravel, the incident raises urgent questions about the security of sensitive infrastructure not only in China but globally. The potential for such vast amounts of classified and sensitive information to be compromised serves as a stark reminder of the challenges faced in the digital age.
Requests for comment from China’s Ministry of Science and Technology and the Cyberspace Administration have gone unanswered, leaving many to wonder how the government will respond to this massive breach. The fallout from this incident could have far-reaching consequences, for China’s cybersecurity policies and for international relations, especially with countries that may seek to exploit the information.
As the world watches, the need for stronger cybersecurity measures has never been more pressing. How will China address these vulnerabilities, and what steps will be taken to prevent future breaches? The answers to these questions may shape the future of cybersecurity and international relations in the years to come.