A hacker has reportedly stolen a large trove of sensitive data — including highly classified defense documents and missile plans — from a state-run Chinese supercomputer in what could potentially be the largest known data theft from China.
The dataset, which reportedly contains more than 10 petabytes of sensitive information, is believed by experts to have been obtained from the Tianjin-based National Supercomputing Center (NSCC) – a centralized hub that provides infrastructure services to more than 6,000 clients across China, including advanced science and defense agencies.
Cyber experts who have spoken to the alleged hackers and reviewed samples of the stolen data they posted online say they appear to have gained access to massive computers with relative ease and were able to siphon off large amounts of data over a period of several months without detection.
An account calling itself FlamingChina posted a sample of the alleged dataset on an anonymous Telegram channel on February 6, claiming it contained “research in a variety of fields including aerospace engineering, military research, bioinformatics, fusion simulation and more.”
The group alleged that the information was linked to “top institutions” including the Aviation Industry Corporation of China, the Commercial Aircraft Corporation of China and the National University of Defense Technology.
CNN has reached out to China’s Ministry of Science and Technology and the Cyberspace Administration of China for comment.
The National Supercomputer Center building in Tianjin, China on August 18, 2015 – Simon Song/South China Morning Post/Getty Images
Cybersecurity experts who have reviewed the data say the group is offering a limited preview of the alleged dataset for thousands of dollars, with full access priced in the hundreds of thousands of dollars. Payment was requested in cryptocurrency.
CNN could not verify the origin of the alleged dataset and the claims made by FlamingChina, but spoke to several experts whose initial assessment of the leak indicated it was genuine.
The alleged sample data appears to include documents marked “secret” in Chinese, technical files, animated simulations and renderings of defense equipment including bombs and missiles.
“They’re exactly what I expected to see from a supercomputing center,” said Dakota Carey, a consultant at cybersecurity firm SentinelOne who focuses on China and has reviewed samples posted online from the alleged hack.
“You’re going to use supercomputer centers for large computational tasks. The number of samples that vendors put out really speaks to the breadth of customers that this supercomputing center has,” Carey said.
Most of those customers would have little reason to independently maintain their own supercomputing infrastructure, he added.
intellectual value
The Tianjin center – the first of its kind in China when it opened in 2009 – is one of several supercomputing centers located in major cities including Guangzhou, Shenzhen and Chengdu.
According to Mark Hofer, a cybersecurity researcher and author of the blog NetAskari, the size of the dataset makes it attractive to adversary state intelligence services.
“Only if they have the ability to work through all this data and come back with something useful.”
To put the scale in perspective: one petabyte equals 1,000 terabytes, and a high-spec laptop typically holds one terabyte.
“There are leaks from China’s cyber ecosystem that I know have sold very quickly,” Carrey told CNN. “I’m sure there are many governments around the world that are interested in some data on the NSCC, but many of those governments that are interested may already have the data.”
How did the hacker gain access?
Hofer, who reviewed a sample of the leak, said he was able to contact a person on Telegram who claimed they had been hacked. The attacker claimed to have gained access to Tianjin Supercomputer through a compromised VPN domain.
Once inside, the attacker told Hofer that they had deployed a “botnet” — a network of automated programs that were able to break into NSCC’s systems and then extract, download and store data. It took about six months to extract 10 petabytes of data.
CNN could not independently verify the account the hacker gave to Hofer.
Carey said the approach was less about technical sophistication and more about architecture.
“You can think of it as a bunch of different servers that you have access to and you’re pulling data through this hole in NSCC’s security — pulling some down one server, some down another,” he said.
By distributing the extract to multiple systems simultaneously, the attacker reduced the risk of triggering an alert. Someone on the defensive side is less likely to see a small amount of data leaving the system than a large amount of data going into one location, Carey said.
Carey added that the method, while effective, was not particularly unique.
“It was, at least not my reading of it, nothing particularly incredible in the way they extracted this information,” he said.
Employees walk past the Tianhe-1 supercomputer at the National Supercomputing Center in Tianjin, China on November 2, 2010. – VCG/Getty Images
Weaknesses
The alleged breach, if true, points to a potentially deeper risk to China’s technology infrastructure as it competes with the United States to be a world-class technology innovator and AI leader. According to Carey, cybersecurity has long been a known weakness in both the government and private sectors.
In 2021, a massive online database containing the personal information of a billion Chinese citizens was left unsecured and publicly accessible for more than a year until an anonymous user on a hacker forum offered to sell the data and brought it to wider attention in 2022.
“They’ve had really weak cybersecurity in a lot of industries and organizations for a very long time,” Carey told CNN. “If you look at what Chinese policymakers themselves say, cyber security in China is not good. They say it’s still improving at the moment.”
China’s own government has admitted as much.
The country’s National Security White Paper in 2025 lists “stronger security barriers for network, data, and AI sectors” as a key priority, adding, “China continues to strengthen the development of coordinated cyber security mechanisms, means, and platforms to ensure the security and reliability of key information infrastructure.”
Create an account at CNN.com for more CNN news and newsletters
