A cybersecurity incident of unprecedented scale has reportedly targeted China's National Supercomputing Center in Tianjin, with hackers claiming to have stolen over 10 petabytes of highly classified data. The breach, if confirmed, would represent one of the largest data thefts in modern cybersecurity history.

Key Facts

  • Target Facility: National Supercomputing Center (NSCC), Tianjin
  • Data Volume: Over 10 petabytes (10 million gigabytes)
  • Timeline: Breach occurred over 6 months in 2025
  • Affected Organizations: 6,000+ institutions and agencies
  • Asking Price: Thousands to hundreds of thousands of dollars in cryptocurrency

What Happened

The Attack

  • Entry Point: Compromised VPN domain
  • Method: Botnet deployment for gradual data extraction
  • Duration: 6 months of steady data siphoning
  • Detection: Breach went unnoticed by facility operators

The Hacker

  • Alias: "FlamingChina"
  • First Public Announcement: February 6, 2026 via Telegram
  • Current Status: Offering data for sale on dark web forums

Compromised Data

The stolen information reportedly includes:

Military & Defense

  • Missile schematics and weapon designs
  • Aerospace engineering simulations
  • Classified defense documents marked "secret" in Chinese
  • Military technology research data

Scientific Research

  • Fusion simulation data
  • Bioinformatics research
  • Advanced computational models
  • Engineering documentation

Key Organizations Affected

  • Aviation Industry Corporation of China (AVIC)
  • Commercial Aircraft Corporation of China (COMAC)
  • National University of Defense Technology
  • Numerous state-owned enterprises and universities

Expert Analysis

Security Assessment

"They're exactly what I would expect to see from the supercomputing center. The swath of samples that the sellers put out kind of really speaks to the breadth of customers that this supercomputing center had."
— Dakota Cary, SentinelOne Cybersecurity Consultant

Attack Methodology

The hackers employed a sophisticated but not groundbreaking approach:

  • Distributed extraction across multiple systems
  • Small data chunks to avoid triggering security alerts
  • Extended timeline to maintain stealth
  • Network segmentation weaknesses exploited

Global Implications

National Security Impact

  • Potential exposure of China's defense capabilities
  • Risk of foreign intelligence access to military secrets
  • Compromise of years of research and development

Cybersecurity Concerns

  • Highlights vulnerabilities in critical infrastructure
  • Questions China's cyber defense capabilities
  • Potential for similar attacks on other facilities

Economic Ramifications

  • Intellectual property theft worth billions
  • Competitive intelligence exposure
  • Impact on China's technological advancement

Official Response

Chinese Government

  • No official statement confirming or denying the breach
  • Ministry of Science and Technology: No response to inquiries
  • Cyberspace Administration of China: Silent on the matter

International Community

  • Cybersecurity experts analyzing leaked samples
  • Intelligence agencies monitoring the situation
  • Calls for improved critical infrastructure protection

Market Activity

Dark Web Sales

  • Sample previews: Available for thousands of dollars
  • Full dataset access: Priced at hundreds of thousands
  • Payment method: Cryptocurrency (Monero preferred)
  • Listing price: As low as 10 Monero coins (~$3,700)

Technical Details

The Tianjin Facility

  • Established: 2009 (China's first major supercomputing center)
  • Capacity: Serves 30+ provinces and cities
  • Client base: 1,600+ core institutions
  • Previous system: Tianhe-1 (formerly world's fastest supercomputer)

Breach Methodology

  1. Initial Access: Compromised VPN credentials
  2. Persistence: Established botnet infrastructure
  3. Exfiltration: Gradual data extraction over 6 months
  4. Monetization: Dark web sales and cryptocurrency payments
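
The pattern described under Attack Methodology and Breach Methodology (small chunks, many systems, months of duration) stays below any per-transfer size alert. The Python sketch below is an added example, not taken from the reporting or from the facility: it sums outbound bytes per external destination across all internal hosts over a rolling window. The thresholds, host names, addresses and flow records are constructed assumptions.

```python
from collections import defaultdict, deque

PER_TRANSFER_ALERT = 500 * 10**6  # assumed single-flow alert threshold (bytes)
WINDOW_DAYS = 30                  # assumed rolling look-back window
WINDOW_BUDGET = 20 * 10**9        # assumed per-destination byte budget per window


def build_constructed_flows():
    """Constructed sample records: (day, internal_host, external_dst, bytes_out)."""
    flows = []
    for day in range(60):
        # Four internal hosts each send 300 MB per day to one external address.
        for host in ("node-a", "node-b", "node-c", "node-d"):
            flows.append((day, host, "203.0.113.50", 300 * 10**6))
        # Ordinary traffic: one 2 GB weekly backup to a known peer.
        if day % 7 == 0:
            flows.append((day, "backup-1", "198.51.100.7", 2 * 10**9))
    return flows


def per_transfer_alerts(flows):
    """Naive rule: alert only when a single flow exceeds the size threshold."""
    return [f for f in flows if f[3] > PER_TRANSFER_ALERT]


def slow_exfil_alerts(flows):
    """Alert when the rolling-window total to one destination exceeds the budget,
    counting bytes from every internal host that talks to that destination."""
    window = defaultdict(deque)   # dst -> flows currently inside the window
    totals = defaultdict(int)     # dst -> bytes currently inside the window
    alerts = {}
    for day, host, dst, nbytes in sorted(flows):
        q = window[dst]
        q.append((day, host, nbytes))
        totals[dst] += nbytes
        # Evict flows that have aged out of the look-back window.
        while q and q[0][0] <= day - WINDOW_DAYS:
            totals[dst] -= q.popleft()[2]
        if totals[dst] > WINDOW_BUDGET and dst not in alerts:
            alerts[dst] = {
                "first_day": day,
                "sources": sorted({h for _, h, _ in q}),
                "window_bytes": totals[dst],
                "largest_flow": max(b for _, _, b in q),
            }
    return alerts


if __name__ == "__main__":
    sample = build_constructed_flows()
    print("per-transfer alerts:", {f[2] for f in per_transfer_alerts(sample)})
    print("rolling-window alerts:", slow_exfil_alerts(sample))
```

On the constructed data the per-transfer rule fires only on the weekly backup, while the rolling-window rule flags the shared destination and lists every contributing host.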

Industry Context

China's Cybersecurity Challenges

  • Long-standing vulnerabilities in government and private sectors
  • Previous incidents including billion-citizen database exposure
  • 2025 National Security White Paper prioritized cyber defenses

Supercomputing Importance

  • Critical for China's technological leadership goals
  • Dual-use nature raises U.S. security concerns
  • Central to AI and defense research capabilities

What's Next

Immediate Concerns

  • Damage assessment by affected organizations
  • Intelligence analysis of compromised data
  • Security reviews of other critical facilities

Long-term Implications

  • Enhanced cybersecurity measures for critical infrastructure
  • Potential diplomatic tensions
  • Increased scrutiny of China's cyber defenses

Verification Status

Important Note: While multiple cybersecurity experts have reviewed sample data and assessed it as likely genuine, the full scope and authenticity of the breach remain under investigation. CNN and other major outlets have been unable to independently verify all claims made by the hackers.

Timeline of Events

  • Mid-2025: Initial breach occurs
  • February 6, 2026: First public announcement on Telegram
  • March 2026: Story gains traction in cybersecurity circles
  • April 8, 2026: Major media outlets report the incident
  • April 11, 2026: Ongoing investigation and analysis