A hacker has allegedly stolen more than 10 petabytes of sensitive data from China’s National Supercomputing Center (NSCC) in Tianjin, in what cybersecurity experts say would be the largest known data heist from a Chinese state-run system. The stolen dataset reportedly includes classified defense documents, missile schematics, aerospace engineering files and advanced scientific research.
An account calling itself FlamingChina posted a sample of the alleged dataset on an anonymous Telegram channel on February 6, claiming it contained research across multiple fields including aerospace engineering, military research, bioinformatics and fusion simulation. The group claims the data is linked to top Chinese organizations including the Aviation Industry Corporation of China, the Commercial Aircraft Corporation of China and the National University of Defense Technology.
The Tianjin center, the first of its kind in China when it opened in 2009, serves as a centralized hub providing infrastructure services for more than 6,000 clients across the country, including advanced science and defense agencies. Cybersecurity experts who reviewed the posted samples said the data appeared genuine.
Dakota Cary, a consultant at cybersecurity firm SentinelOne who focuses on China, said the files were “exactly what I would expect to see from the supercomputing center.” The samples appeared to include documents marked “secret” in Chinese, along with technical files, animated simulations and renderings of defense equipment including bombs and missiles.
According to cybersecurity researcher Marc Hofer, who contacted a person on Telegram claiming responsibility for the hack, the attacker gained access through a compromised VPN domain. Once inside, the hacker deployed a botnet, a network of automated programs that entered the NSCC’s system and extracted data across multiple servers simultaneously over the course of approximately six months.
Cary described the method as effective but not particularly sophisticated. By distributing the extraction across many systems at once, the attacker reduced the risk of triggering security alerts. Small amounts of data leaving the system to different locations are harder to detect than large transfers going to a single destination.
The hacker is offering a limited preview of the dataset for thousands of dollars, with full access priced at hundreds of thousands of dollars payable in cryptocurrency. To put the scale in perspective, one petabyte equals 1,000 terabytes. A high-spec laptop typically holds around one terabyte. Hofer said the size of the dataset would make it attractive primarily to state intelligence services. “Only they have the capacity to work through all this data and come back with something useful,” he said.
The alleged breach, if confirmed, points to a deeper vulnerability in China’s technology infrastructure as it competes with the United States on AI, advanced computing and defense technology. In 2021, a massive online database containing the personal information of up to one billion Chinese citizens was left unsecured and publicly accessible for more than a year before a hacker forum post brought it to wider attention in 2022.
China’s own government has acknowledged the problem. Its 2025 National Security White Paper listed building “robust security barriers for the network, data, and AI sectors” as a key priority.
China’s Ministry of Science and Technology and the Cyberspace Administration of China have not responded to requests for comment.
