A hacker has allegedly breached one of China’s supercomputers and is attempting to sell a trove of stolen data

A hacker has allegedly stolen a massive trove of sensitive data – including highly classified defense documents and missile schematics – from a state-run Chinese supercomputer in what could potentially constitute the largest known heist of data from China.

The dataset, which allegedly contains more than 10 petabytes of sensitive information, is believed by experts to have been obtained from the National Supercomputing Center (NSCC) in Tianjin – a centralized hub that provides infrastructure services for more than 6,000 clients across China, including advanced science and defense agencies.

Cyber experts who have spoken to the alleged hacker and reviewed samples of the stolen data they posted online say they appeared to gain entry to the massive computer with comparative ease and were able to siphon out huge amounts of data over the course of multiple months without being detected.

An account calling itself FlamingChina posted a sample of the alleged dataset on an anonymous Telegram channel on February 6, claiming it contained “research across various fields including aerospace engineering, military research, bioinformatics, fusion simulation and more.”

The group alleges the information is linked to “top organizations” including the Aviation Industry Corporation of China, the Commercial Aircraft Corporation of China, and the National University of Defense Technology.

CNN has reached out to China’s Ministry of Science and Technology as well as the Cyberspace Administration of China for comment.

The National Supercomputer Center building in Tianjin, China, on August 18, 2015 Simon Song/South China Morning Post/Getty Images

Cyber security experts who have reviewed the data say the group is offering a limited preview of the alleged dataset, for thousands of dollars, with full access priced at hundreds of thousands of dollars. Payment was requested in cryptocurrency.

CNN cannot verify the origins of the alleged dataset and the claims made by FlamingChina, but spoke with multiple experts whose initial assessment of the leak indicated it was genuine.

The alleged sample data appeared to include documents marked “secret” in Chinese, along with technical files, animated simulations and renderings of defense equipment including bombs and missiles.

“They’re exactly what I would expect to see from the supercomputing center,” said Dakota Cary, a consultant at cybersecurity firm SentinelOne who focuses on China and has reviewed the samples placed online from the alleged hack.

“You would use supercomputer centers for large computational tasks. The swath of samples that the sellers put out kind of really speaks to the breadth of customers that this supercomputing center had,” Cary said.

Most of those customers would have little reason to maintain their own supercomputing infrastructure independently, he added.

Intelligence value

The Tianjin center — the first of its kind in China when it opened in 2009 — is one of several supercomputing hubs located in major cities including Guangzhou, Shenzhen, and Chengdu.

According to Marc Hofer, a cybersecurity researcher and author of the blog NetAskari, the size of the dataset would make it attractive to adversarial state intelligence services.

“Only they probably have the capacity to work through all this data and come back with something useful.”

To put the scale in perspective: one petabyte equals 1,000 terabytes, and a high-spec laptop typically holds around one terabyte.

“There are leaks from China’s cyber ecosystem that I’m familiar with that have sold very quickly,” Cary told CNN. “I’m sure that there are plenty of governments globally that are interested in some of the data at the NSCC, but many of those governments that are interested also may already have the data.”

How did the hacker gain access?

Hofer, who reviewed the sample of the leak, said he was able to contact on Telegram a person who claimed they had carried out the hack. The attacker claimed to have gained access to the Tianjin supercomputer through a compromised VPN domain.

Once inside, the attacker told Hofer they deployed a “botnet” — a network of automated programs that were able enter the NSCC’s system and then extract, download and store the data. The extraction of 10 petabytes of data took around six months.

CNN could not independently verify the account the hacker gave to Hofer.

Cary said the approach was less about technical sophistication and more about architecture.

“You can think of it as having a bunch of different servers that you have access to and you’re pulling data through this hole in the security of the NSCC — pulling some down to one server, some down to the next,” he said.

By distributing the extraction across many systems simultaneously, the attacker reduced the risk of triggering an alert. Somebody on the defensive side is less likely to notice small amounts of data leaving the system compared to large amounts of data going to one location, Cary said.

Cary added that the method, while effective, was not particularly unique.

“It wasn’t, at least my read on it, anything particularly incredible in the way that they pulled out this information,” he said.

Staff members walk past the Tianhe-1 supercomputer at the National Supercomputing Center in Tianjin, China, on November 2, 2010. VCG/Getty Images

Vulnerabilities

The alleged breach, if genuine, points to a potentially deeper vulnerability in China’s technology infrastructure as it vies with the United States to be a world class technology innovator and AI leader. Cybersecurity has long been a known weakness across both the government and private sector, according to Cary.

In 2021, a massive online database apparently containing the personal information of up to one billion Chinese citizens was left unsecured and publicly accessible for more than a year until an anonymous user in a hacker forum offered to sell the data and brought it to wider attention in 2022.

“They’ve really had poor cybersecurity for a very long time across a wide number of industries and organizations,” Cary told CNN. “If you look at what Chinese policymakers say themselves, cybersecurity in China has not been good. They would say it’s still improving at this point in time.”

China’s own government has acknowledged as much.

The country’s National Security White Paper in 2025 listed building “robust security barriers for the network, data, and AI sectors” as a key priority, adding that “China has continued to strengthen the development of coordinated cybersecurity mechanisms, means, and platforms to ensure the security and reliability of key information infrastructure.”