Menu
Browse

Cyber Incident Victim: National Supercomputing Center

Date:

Feb 2026

Location:

China

Summary

The National Supercomputing Center in Tianjin was allegedly compromised by a hacker group called FlamingChina, which exfiltrated over ten petabytes of sensitive data including defense documents, missile schematics, aerospace research and simulation files. The group posted a sample of the stolen material on Telegram and offered full access for hundreds of thousands of dollars, requesting payment in cryptocurrency. According to experts who reviewed the sample, the intrusion likely occurred through a compromised VPN domain, with a botnet used to siphon data over several months without triggering alerts. The compromised data is said to be linked to organizations such as the Aviation Industry Corporation of China, the Commercial Aircraft Corporation of China and the National University of Defense Technology.

CIA Posture Motives Tactics, Techniques & Procedures
Available to members 1 motive 1 technique
Threat Actor Type Location
1 actor Available to members Available to members

Description

According to a CNN report dated April 8 2026, a hacker allegedly breached the National Supercomputing Center (NSCC) in Tianjin and exfiltrated a massive trove of sensitive data, including highly classified defense documents and missile schematics. The alleged intruder, operating under the name FlamingChina, posted a sample of the stolen material on an anonymous Telegram channel on February 6 2026, claiming it contained research across aerospace engineering, military research, bioinformatics, fusion simulation and other fields. In conversations with cybersecurity researcher Marc Hofer, the attacker said access was obtained through a compromised VPN domain, after which a botnet was deployed to siphon data from the NSCC’s systems over roughly six months. The extraction was distributed across many servers simultaneously to avoid triggering alerts that would notice large transfers to a single location. The sample data shared on Telegram included files marked “secret” in Chinese, technical documents, animations and simulations of defense equipment such as bombs and missiles.

Cyber Incident Image

Experts who reviewed the sample told CNN that the purported dataset exceeds 10 petabytes, equivalent to more than 10 000 terabytes, and would be attractive to adversarial state intelligence services due to its size and content. FlamingChina offered a limited preview of the data for thousands of dollars and full access for hundreds of thousands of dollars, requesting payment in cryptocurrency. CNN could not independently verify the origin of the leaked material or the hacker’s claims, but consulted multiple specialists whose initial assessment indicated the leak appeared genuine based on the technical details and markings present in the sample. The reported breach was described by analysts as potentially the largest known data heist from China to date. The attackers’ method was characterized as relying more on architectural weaknesses than on advanced technical sophistication.

In response to the allegations, CNN contacted China’s Ministry of Science and Technology and the Cyberspace Administration of China for comment, though no official reply was detailed in the sources. Cybersecurity consultant Dakota Cary of SentinelOne and researcher Marc Hofer of NetAskari noted that the incident underscores long‑standing cybersecurity challenges within China’s government and private sector, referencing the country’s 2025 National Security White Paper which identified building robust security barriers for network, data and AI sectors as a key priority. The sources do not provide further information on containment, remediation or any additional response actions taken by the NSCC or Chinese authorities.

Sources
Sources available to members
2 sources