Massive Alleged Data Breach: FlamingChina Hackers Claim Theft of 10PB of Chinese Military Data
A hacker group known as FlamingChina has allegedly stolen over 10 petabytes (PB) of sensitive military and research data from China’s National Supercomputing Center (NSCC) in Tianjin, marking what could be the country’s largest known data breach. The stolen dataset offered for sale via an anonymous Telegram channel on February 6 includes classified defense documents, missile information, aerospace engineering research, bioinformatics, and fusion simulation data.
The hackers claim the data originates from top Chinese organizations, including the Aviation Industry Corporation of China (AVIC), Commercial Aircraft Corporation of China (COMAC), and the National University of Defense Technology. They are demanding hundreds of thousands of dollars in cryptocurrency for the full dataset, though the breach remains unverified. However, cybersecurity experts who reviewed samples suggest the data may be authentic.
How the Breach Unfolded
Cybersecurity analysts indicate that FlamingChina likely exfiltrated data over several months undetected, exploiting potential vulnerabilities in the NSCC’s infrastructure. Researcher Marc Hofer noted that an outdated 2020 admin manual for the HPC3 supercomputer cluster publicly accessible online may have aided the hackers in navigating the system and VPN setup.
Scale and Implications
The sheer volume of stolen data is unprecedented. Jeff Wichman of Semperis compared it to the U.S. Library of Congress, which, if fully digitized, would contain roughly 3-4PB only a fraction of the alleged theft. The breach represents a major escalation in cyber espionage, with potential national security ramifications for China.
Possible Fallout
A South China Morning Post report suggests the incident may be linked to the removal of senior experts in aviation, nuclear weapons, radar, and missile systems from the Chinese Academy of Engineering (CAE) in March. While the connection remains speculative, the timing raises questions about internal security reviews or disciplinary actions following the breach.
The NSCC, a critical provider of supercomputing services to over 6,000 clients, including defense and scientific agencies, has not officially confirmed the breach. If verified, the incident would underscore significant gaps in China’s cybersecurity defenses amid growing global tensions over digital espionage.
Aviation Industry Corporation of China TPRM report: https://www.rankiteo.com/company/comac_2
"id": "com1775846277",
"linkid": "comac_2",
"type": "Breach",
"date": "2/2026",
"severity": "100",
"impact": "8",
"explanation": "Attack that could bring to a war"{'affected_entities': [{'customers_affected': 'Over 6,000 clients, including '
'defense and scientific agencies',
'industry': 'Defense, Aerospace, Scientific Research',
'location': 'Tianjin, China',
'name': 'National Supercomputing Center (NSCC) in '
'Tianjin',
'type': 'Government/Research Institution'},
{'industry': 'Aerospace, Defense',
'location': 'China',
'name': 'Aviation Industry Corporation of China (AVIC)',
'type': 'State-owned Enterprise'},
{'industry': 'Aerospace',
'location': 'China',
'name': 'Commercial Aircraft Corporation of China '
'(COMAC)',
'type': 'State-owned Enterprise'},
{'industry': 'Defense, Technology',
'location': 'China',
'name': 'National University of Defense Technology',
'type': 'Educational/Research Institution'},
{'industry': 'Engineering, Defense',
'location': 'China',
'name': 'Chinese Academy of Engineering (CAE)',
'type': 'Research Institution'}],
'attack_vector': 'Exploitation of vulnerabilities in infrastructure, '
'potential use of outdated admin manual',
'data_breach': {'data_exfiltration': 'Yes, over several months undetected',
'sensitivity_of_data': 'High (military and research data)',
'type_of_data_compromised': ['Classified defense documents',
'Missile information',
'Aerospace engineering research',
'Bioinformatics',
'Fusion simulation data']},
'date_publicly_disclosed': '2024-02-06',
'description': 'A hacker group known as FlamingChina has allegedly stolen '
'over 10 petabytes (PB) of sensitive military and research '
'data from China’s National Supercomputing Center (NSCC) in '
'Tianjin, marking what could be the country’s largest known '
'data breach. The stolen dataset includes classified defense '
'documents, missile information, aerospace engineering '
'research, bioinformatics, and fusion simulation data.',
'impact': {'brand_reputation_impact': 'Significant gaps in China’s '
'cybersecurity defenses highlighted',
'data_compromised': '10PB of sensitive military and research data',
'operational_impact': 'Potential national security ramifications, '
'internal security reviews',
'systems_affected': 'National Supercomputing Center (NSCC) in '
'Tianjin, HPC3 supercomputer cluster'},
'initial_access_broker': {'data_sold_on_dark_web': 'Offered for sale via '
'Telegram',
'entry_point': 'Potential exploitation of '
'vulnerabilities in NSCC’s '
'infrastructure, use of outdated '
'admin manual',
'high_value_targets': ['Defense documents',
'Missile information',
'Aerospace research'],
'reconnaissance_period': 'Several months'},
'investigation_status': 'Unverified, samples reviewed by cybersecurity '
'experts suggest authenticity',
'motivation': 'Financial gain (ransom demand), cyber espionage',
'post_incident_analysis': {'root_causes': 'Potential vulnerabilities in '
'infrastructure, outdated admin '
'manual, undetected exfiltration '
'over months'},
'ransomware': {'data_exfiltration': 'Yes',
'ransom_demanded': 'Hundreds of thousands of dollars in '
'cryptocurrency'},
'references': [{'date_accessed': '2024-02-06',
'source': 'Anonymous Telegram channel'},
{'source': 'Marc Hofer (Researcher)'},
{'source': 'Jeff Wichman of Semperis'},
{'source': 'South China Morning Post'}],
'response': {'communication_strategy': 'No official confirmation from NSCC'},
'threat_actor': 'FlamingChina',
'title': 'Massive Alleged Data Breach: FlamingChina Hackers Claim Theft of '
'10PB of Chinese Military Data',
'type': 'Data Breach',
'vulnerability_exploited': 'Potential vulnerabilities in NSCC’s '
'infrastructure, outdated 2020 admin manual for '
'HPC3 supercomputer cluster'}