Join The Club
Earlier this year, dark web hackers claimed to have exfiltrated a huge amount of data from the National Supercomputing Center (NSCC) in Tianjin, China. The hacker group FlamingChina claims that it stole 10 petabytes of data pertaining to advanced science and defence agencies within China. However, a number of security researchers have since cast doubt on the leak's legitimacy.
As far as I can tell, NetAskari was the first to bring the data leak to wider attention back in February 2026 via X, before further delving into a sample of the leaked files on their SubStack.
NetAskari was able to obtain a multi-gigabyte sample of the allegedly stolen data. This includes screenshots of the internal system directory layout and user credentials as supporting evidence that some kind of hack did take place.
Beyond that, this sample also included PDFs of reports and handbooks, radar test data, and physics simulation renderings depicting "the effect of payloads and weapon systems against certain targets and materials."
❗️The leaked sample data from China's National Supercomputing Center in Tianjin includes a video of what seems to be a simulation of a bunker buster bomb, designed to penetrate bunkers and damage underground structures. https://t.co/AC2PmfTZTj pic.twitter.com/Br4vQqLCViMarch 19, 2026
China's NSCC undertakes supercomputing tasks from about 6,000 clients, potentially explaining the breadth of files.
CNN has since picked up the story, reaching out to China’s Ministry of Science and Technology as well as the Cyberspace Administration of China for comment. At the time of writing, there has been no official comment on the data breach. That could be for a number of security reasons, but there's also a chance that this leak is simply not legitimate.
For instance, security researcher and malware archivist Vx-underground expressed their scepticism via X, writing, "Something about this story is very strange to me. I've been doing cybersecurity stuff for a long, long time [...] I have not seen the moniker 'FlamingChina' before."
NetAskari notes that the hacker group FlamingChina has had a Telegram channel since at least February 5. That said, they also say this is less likely a permanent 'base of operations', so to speak and more likely just a short-term alias.
Chinese government super computer (allegedly) compromised and (allegedly) 10PB exfiltrated.The source is CNN.Something about this story is very strange to me. I've been doing cybersecurity stuff for a long, long time. I'm usually on top of most cybersecurity incidents,… pic.twitter.com/tFLrDet4MWApril 9, 2026
They also write that getting 10 petabytes out of any high-security facility without being noticed over months and months would be quite a feat if it were legitimate. "Did they truly get 10 PB!? We don't know. To extract such an amount of data means, you have to be lodged in the system over a longer period of time," NetAskari writes.
"Most likely with the help of someone from the inside. Even if the cyber security is a little bit shoddy, eventually someone probably would notice a constant data extraction process of this size."
CNN posits a botnet-based approach that could have distributed the extraction of data across many sources simultaneously, thereby making such an attack difficult to trace.
Vx-underground is more intrigued about the practicalities of holding on to all of that data. "I'm also very curious [about] the 10 PETABYTES of data exfiltrated because [that] is an unfathomable number," they write, "10PB is 10,000 TB. Even in cold storage that's roughly $43,000/month. If it's 'hot storage' you're looking at something like, $150,000/month, that doesn't even include the fees for moving the data which would be ASTRONOMICAL."
CNN itself reached out to a number of experts to speak to the authenticity of the leak's contents, including Dakota Cary. A consultant at SentinelOne, a cybersecurity firm focusing on China, Cary told CNN that the leak's contents were what he would expect given the alleged source, elaborating, "You would use supercomputer centers for large computational tasks. The swath of samples that the sellers put out kind of really speaks to the breadth of customers that this supercomputing center had."
That doesn't sound like the most damning evidence to me. Cary also went on to share that China has had "really poor cybersecurity for a very long time across a wide number of industries and organizations." He went on to tell CNN, "If you look at what Chinese policymakers say themselves, cybersecurity in China has not been good. They would say it’s still improving at this point in time."
1. Best gaming chair: Secretlab Titan Evo
2. Best gaming desk: Secretlab Magnus Pro XL
3. Best gaming headset: Razer BlackShark V3
4. Best gaming keyboard: Asus ROG Strix Scope II 96 Wireless
5. Best gaming mouse: Razer DeathAdder V4 Pro
6. Best PC controller: GameSir G7 Pro
7. Best steering wheel: Logitech G Pro Racing Wheel
8. Best microphone: Shure MV6 USB Gaming Microphone
9. Best webcam: Elgato Facecam MK.2
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
