China Supercomputer Hack: Massive Data Breach Exposes Sensitive Information

A significant cybersecurity incident has reportedly occurred in China, with a hacker allegedly stealing a staggering 10 petabytes of sensitive data from a state-run supercomputer. This potential breach, if verified, could represent the largest known data heist in China’s history, raising serious concerns about national security and technological vulnerabilities.

The Scale of the Breach

The compromised data is believed to have originated from the National Supercomputing Center (NSCC) in Tianjin, a crucial infrastructure hub serving over 6,000 clients, including prominent science and defense agencies. Experts suggest the hacker gained access with relative ease and extracted the massive dataset over several months without detection. The sheer volume of data – 10 petabytes – is equivalent to 1,000 terabytes, far exceeding the storage capacity of typical laptops.

What Was Stolen?

According to claims made by a group calling itself FlamingChina on a Telegram channel, the stolen data encompasses research across diverse fields, including aerospace engineering, military research, bioinformatics, and fusion simulation. The group alleges links to key organizations such as the Aviation Industry Corporation of China, the Commercial Aircraft Corporation of China, and the National University of Defense Technology. Samples of the data reportedly include documents marked “secret” in Chinese, alongside technical files and simulations of defense equipment like bombs and missiles.

Dakota Cary, a cybersecurity consultant at SentinelOne specializing in China, confirmed the authenticity of the samples reviewed. “They’re exactly what I would expect to see from the supercomputing center,” Cary stated. “You would use supercomputer centers for large computational tasks.”

How Was the Hack Accomplished?

A person claiming to be the hacker contacted cybersecurity researcher Marc Hofer via Telegram, alleging access was gained through a compromised VPN domain. Once inside, the attacker reportedly deployed a “botnet” – a network of automated programs – to extract, download, and store the data over approximately six months. While CNN couldn’t independently verify this account, experts believe the method focused on distributing the data extraction across multiple systems to avoid triggering security alerts.

Cary explained that this approach isn’t necessarily a display of advanced technical skill, but rather a strategic exploitation of architectural vulnerabilities. “It wasn’t, at least my read on it, anything particularly incredible in the way that they pulled out this information,” he said.

Implications and Broader Context

This alleged breach highlights potential weaknesses in China’s technology infrastructure as it strives to compete with the United States in technological innovation and artificial intelligence. Cybersecurity has been a long-standing concern across both the government and private sectors in China. This incident echoes previous large-scale data leaks, such as the 2021 exposure of a database containing the personal information of up to one billion Chinese citizens.

China’s National Security White Paper in 2025 identifies strengthening cybersecurity for network, data, and AI sectors as a key priority. However, experts suggest that significant improvements are still needed. As Cary noted, “They’ve really had poor cybersecurity for a very long time across a wide number of industries and organizations.”

The stolen data is likely to attract the attention of intelligence agencies worldwide, though Cary suggests many governments may already possess similar information. The incident underscores the growing importance of robust cybersecurity measures in an increasingly interconnected world.

Further Reading: Council on Foreign Relations – China