Hackers have allegedly stolen large amounts of sensitive data, including top secret defense documents and missile blueprints, from China’s state-run supercomputer, in what could be the largest known data theft from China.
The dataset is said to contain more than 10 petabytes of sensitive information, and experts believe it came from the National Supercomputing Center (NSCC) in Tianjin. NSCC is a centralized hub that provides infrastructure services to more than 6,000 clients across China, including advanced scientific and defense institutions.
Cyber experts who spoke with the suspected hackers and examined samples of the stolen data they posted online said they appeared to have penetrated the giant computer with relative ease and were able to siphon large amounts of data over several months without being detected.
An account calling itself FlamingChina posted a sample of the alleged dataset on an anonymous Telegram channel on February 6, claiming it contained “research across a variety of fields including aerospace engineering, military research, bioinformatics, fusion simulation, and more.”
The group claims the information is related to “top organizations” such as the China Aviation Industry Corporation, the China Civil Aviation Corporation, and the National Defense Technology University.
CNN has reached out to China’s Ministry of Science and Technology and the China Cyberspace Administration for comment.
The group is offering limited previews of the suspect data sets for thousands of dollars, with full access priced in the hundreds of thousands of dollars, according to cybersecurity experts who reviewed the data. Payment in cryptocurrency requested.
CNN has not been able to verify the origin of the alleged dataset or FlamingChina’s claims, but has spoken with multiple experts and initial assessments of the leak indicate it is genuine.
The alleged sample data appears to include documents marked “confidential” in Chinese, as well as technical files, animated simulations, and renderings of defense equipment such as bombs and missiles.
“They’re exactly what I expected from a supercomputing center,” said Dakota Carey, a consultant with the cybersecurity firm Sentinel One who focuses on China and examined samples placed online in the alleged hacking.
“The supercomputer center is used for large-scale computational tasks, and the large number of samples submitted by the seller speaks to the breadth of the supercomputer center’s customer base,” Cary said.
Most of those customers have little reason to maintain their own supercomputing infrastructure, he added.
The Tianjin center is the first of its kind in China, opened in 2009, and is one of several supercomputing hubs in major cities such as Guangzhou, Shenzhen and Chengdu.
Mark Hofer, a cybersecurity researcher and author of the blog NetAskari, says the size of the dataset will make it attractive to hostile national intelligence agencies.
“Perhaps only they have the ability to process all this data and return something useful.”
To put scale in perspective, 1 petabyte is equivalent to 1,000 terabytes, and high-spec laptops typically have around 1 terabyte.
“There were leaks from the Chinese cyber ecosystem that I know very well, and they sold very quickly,” Cary told CNN. “We are confident that there are many governments around the world who are interested in some of the NSCC data, but many of the governments that are interested may already have the data.”
After reviewing the leaked samples, Hofer said he was able to contact the person claiming to have carried out the hack on Telegram. The attackers claimed to have accessed the Tianjin supercomputer through a compromised VPN domain.
Once inside, the attackers deployed a “botnet,” he told Hofer. This is a network of automated programs that can infiltrate NSCC’s systems and extract, download, and store data. Extracting 10 petabytes of data took approximately 6 months.
CNN was unable to independently verify the account the hackers gave Hofer.
Carey said this approach focuses on architecture rather than technical sophistication.
“You can think of this as having a number of different servers that you can access and pulling data through holes in the security of the NSCC. You pull some of it down to one server, some of it to the next server,” he said.
By distributing the extract to many systems simultaneously, the attacker reduced the risk of triggering an alert. Those on the defense are less likely to notice when a system sends a small amount of data than when a large amount of data is sent to one location, Cary said.
Cary added that while the method is effective, it’s not particularly unique.
“The way they pulled this information out was not particularly surprising, at least from what I read,” he says.
If the alleged breaches are genuine, they point to potentially serious vulnerabilities in China’s technology infrastructure as it competes with the United States to become a world-class technology innovator and leader in AI. Carey said cybersecurity has long been a known weakness in both government and the private sector.
In 2021, a massive online database believed to contain the personal information of up to 1 billion Chinese citizens remained unsecured and publicly available for more than a year until it gained widespread attention in 2022 when an anonymous user on a hacker forum offered to sell the data.
“For a very long time, there has been a lack of cybersecurity across industries and organizations,” Carey told CNN. “If you look at what Chinese policymakers themselves are saying, China’s cybersecurity is far from good. They’ll say it’s still improving at this point.”
The Chinese government has acknowledged the same.
The 2025 National Security White Paper cited building “robust security barriers for networks, data, and AI fields” as a key priority, adding that “China continues to strengthen the development of coordinated cybersecurity mechanisms, instruments, and platforms to ensure the safety and reliability of its key information infrastructure.”
