10-Petabyte BREACH Shocks China’s Supercomputer

Hooded figure with binary code background.

A hacker’s claim of stealing 10 petabytes from a Chinese state supercomputer is a reminder that even authoritarian “fortress” systems can spring devastating leaks with global consequences.

Quick Take

An actor using the name “FlamingChina” claims it breached China’s National Supercomputing Center in Tianjin and stole more than 10PB of data.
Reportedly leaked material includes defense-linked files, missile and aerospace research, and high-end simulations, but the full 10PB haul remains unverified.
Cybersecurity reviewers say some samples appear authentic and include “secret”-marked documents, while China has not publicly confirmed or denied the breach.
The alleged months-long, undetected exfiltration raises questions about institutional accountability and the real-world security posture of critical research infrastructure.

What the hacker claims to have taken—and why the scale matters

Reporting says a hacker or group calling itself “FlamingChina” posted samples on Telegram on February 6, 2026, claiming it breached the National Supercomputing Center (NSCC) in Tianjin and stole more than 10 petabytes of data. The alleged trove includes sensitive defense documents, missile-related schematics, aerospace engineering research, military R&D, bioinformatics data, and fusion simulation files. The actor is reportedly trying to sell the dataset for cryptocurrency, with pricing ranging from hundreds of thousands to millions of dollars.

Ten petabytes is not a small leak; it is the kind of volume that can represent years of institutional work product, including research pipelines, simulation outputs, and engineering documentation. If the claims are broadly accurate, the incident would stand out not only for the national-security sensitivity of the alleged content, but also for the disruptive effect of a mass disclosure that can be copied endlessly, resold widely, and mined for insight by any buyer with resources.

Why NSCC Tianjin is a strategic target

NSCC Tianjin is described as a major node in China’s high-performance computing ecosystem, with roots going back to China’s early-2000s supercomputing push and its establishment in 2009. The center is associated with systems such as Tianhe-1A, and it supports national priorities spanning AI, defense, and scientific research. Reporting also says the facility serves roughly 6,000 clients, including major aerospace and defense-linked institutions, making it a concentration point for valuable intellectual property and sensitive modeling data.

The alleged data categories matter because supercomputing centers do more than store files; they run the simulations that turn theory into deployable capability. If aerospace designs, hypersonics-related work, or military simulation outputs are present, those materials could help a competitor shorten development time or identify weaknesses. Even if only partial datasets were taken, the operational value can come from metadata, project structure, and internal documentation that reveals what a program is prioritizing and where it is struggling.

What can be verified—and what remains unproven

The biggest limitation is verification. Reports indicate cybersecurity experts reviewed samples and found indicators that at least some documents look real, including files marked “secret” in Chinese and technical-looking materials consistent with the claims. At the same time, outlets emphasize that independent confirmation of the full 10PB figure is lacking. China’s relevant government entities have offered no public comment as of the reports cited, leaving outside observers to assess credibility based on sample quality and consistency.

Months-long exfiltration is the real security failure

Accounts cited in coverage suggest the actor may have had months of access, with data potentially exfiltrated over time without detection. If that detail is correct, it points to a deeper institutional weakness than a one-off intrusion: it suggests monitoring, segmentation, and data-loss prevention did not reliably flag unusual movement. In any system housing high-value research, “how long” an attacker stayed inside can matter as much as “how” they got in, because persistent access enables careful selection and larger thefts.

From a U.S. perspective, the story lands in a complicated place. Many Americans are frustrated with “deep state” secrecy and unaccountable bureaucracies at home, yet the same citizens also want strong defenses against adversaries and a clear-eyed view of global threats. This alleged breach, if validated, would underscore that state power does not automatically equal competent governance. It also highlights a sober reality: in a digital world, the theft and resale of sensitive research can shift military and economic balances without a single shot fired.