China’s Tianjin Supercomputer Center Allegedly Hit in 10-Petabyte Data Theft

A threat actor has allegedly executed one of the largest data heists in China’s history, siphoning an astounding 10 petabytes of highly classified information from the National Supercomputing Center (NSCC) in Tianjin.

The stolen dataset reportedly includes sensitive defense documents, missile schematics, and advanced aerospace research.

The Tianjin center serves as a centralized infrastructure hub for more than 6,000 clients across China.

Because most of these clients rely entirely on the NSCC rather than maintaining their own supercomputing hardware, a single network breach has effectively compromised thousands of downstream organizations simultaneously.

Tianjin Supercomputer Data Theft

Operating under the moniker “FlamingChina,” the hacker leaked a sample of the stolen data on an anonymous Telegram channel in early February.

The threat actor is currently offering limited previews of the data for thousands of dollars in cryptocurrency, with full network access priced in the hundreds of thousands.

To put the sheer volume of this breach into perspective, 10 petabytes is equivalent to 10,000 terabytes, roughly enough data to completely fill 10,000 high-end consumer laptops. Key details of the compromised data include:

  • Impacted sectors span aerospace engineering, military research, fusion simulation, and bioinformatics.
  • Targeted organizations feature top-tier state entities like the Aviation Industry Corporation of China and the National University of Defense Technology.
  • Stolen files contain animated defense simulations, technical schematics, and documents explicitly marked “secret” in Chinese.

Cybersecurity experts who reviewed the leaked samples, including SentinelOne consultant Dakota Cary, have stated the data appears genuine and aligns perfectly with the types of computational tasks handled by the facility.

How the Attackers Bypassed Security

Stealing 10 petabytes of data without triggering massive network alarms requires patience and careful architectural manipulation.

According to CNN, cybersecurity researcher Marc Hofer, who communicated with the alleged hacker, the initial access point was a compromised VPN domain.

Once inside the NSCC’s network, the attacker deployed a botnet to systematically extract, download, and store the data.

The exfiltration process was a slow burn, taking approximately six months to complete. Rather than relying on highly sophisticated zero-day exploits, the attackers used a distributed extraction method.

By pulling data through multiple different servers simultaneously, they kept the outbound traffic volume low enough to evade standard network monitoring tools.

Small, continuous streams of data leaving a system are much less likely to trigger defensive alerts than a massive, single-point transfer.

This incident highlights ongoing structural weaknesses in China’s technology and defense infrastructure.

Despite the country’s rapid advancement in artificial intelligence and supercomputing, cybersecurity remains a persistent challenge for both state-run and private sectors.

The Chinese government has recently acknowledged these exact challenges. The country’s 2025 National Security White Paper explicitly prioritized building robust security barriers for network and data sectors.

However, as this massive exfiltration demonstrates, securing vast, centralized data hubs against persistent threat actors remains a complex and ongoing battle.

Intelligence agencies worldwide likely view this newly exposed dataset as a goldmine, though advanced state actors may already possess some of the compromised information.

Related Articles

Back to top button
QVrSk TawlYGPv PMW ks oPV