A compromised VPN domain at China's National Supercomputing Center in Tianjin allegedly allowed a hacker to siphon more than 10 petabytes of sensitive data over six months without detection, including documents marked "secret" and missile schematics from defense-linked organizations.
The breach, if genuine, would represent one of the largest known data thefts from Chinese infrastructure. An account calling itself FlamingChina began offering samples on Telegram on February 6, claiming the dataset spans "research across various fields including aerospace engineering, military research, bioinformatics, fusion simulation and more."
The alleged targets include the Aviation Industry Corporation of China, the Commercial Aircraft Corporation of China, and the National University of Defense Technology. The center serves more than 6,000 clients across China, including advanced science and defense agencies that rely on centralized supercomputing infrastructure rather than maintaining their own independent systems.
Cybersecurity experts who reviewed the samples told CNN the documents appeared genuine. The dataset includes technical files, animated simulations, and renderings of defense equipment including bombs and missiles.
Dakota Cary, a consultant at SentinelOne who focuses on China:
"They're exactly what I would expect to see from the supercomputing center. You would use supercomputer centers for large computational tasks. The swath of samples that the sellers put out kind of really speaks to the breadth of customers that this supercomputing center had."
The extraction method was architectural rather than technically exotic. The attacker allegedly deployed a botnet to distribute the data extraction across multiple servers simultaneously, pulling smaller amounts to each location rather than triggering alerts with a single massive transfer.
Cary described the approach as effective but unremarkable: "You can think of it as having a bunch of different servers that you have access to and you're pulling data through this hole in the security of the NSCC — pulling some down to one server, some down to the next."
The seller is reportedly pricing limited previews in the thousands of dollars, with full access commanding hundreds of thousands in cryptocurrency. Marc Hofer, a cybersecurity researcher who contacted the alleged hacker on Telegram, noted that the scale would make the dataset attractive primarily to state intelligence services with the capacity to process it.
Hofer:
"Only they probably have the capacity to work through all this data and come back with something useful."
The alleged breach highlights persistent vulnerabilities in Chinese cybersecurity infrastructure as the country pursues technological parity with the United States. A 2022 incident exposed the personal information of up to one billion Chinese citizens through an unsecured database left accessible for more than a year.
China's own 2025 National Security White Paper acknowledged the gap, listing "robust security barriers for the network, data, and AI sectors" as a key priority and noting that cybersecurity across government and industry "has not been good."
Cary noted that plenty of governments globally would be interested in the data from the NSCC, but added that many of those governments may already have it.