On February 6, 2026, the cybersecurity world was rocked by the emergence of a hacker group calling itself FlamingChina, which posted a sample of what it claimed was one of the largest data breaches in Chinese history. The group announced on Telegram that it had stolen more than 10 petabytes of sensitive data from the National Supercomputing Center (NSCC) in Tianjin, a critical node in China’s technological infrastructure that serves over 6,000 institutions, including key defense and scientific agencies. The breach, if verified, would mark the largest known data theft in China and has sent shockwaves through the global security community.
According to reports from CNN and other outlets, the stolen trove includes highly classified documents, technical files, animated simulations, and schematics related to aerospace engineering, military research, bioinformatics, and fusion simulations. Among the organizations whose data was allegedly compromised are some of China’s most prominent: the Aviation Industry Corporation of China, the Commercial Aircraft Corporation of China, and the National University of Defense Technology. The implications of such a breach are enormous, not just for China, but for the global landscape of cybersecurity and technological competition.
Cybersecurity experts who have analyzed the leaked samples say the data appears to be genuine. Dakota Cary, a consultant at cybersecurity firm SentinelOne, reviewed the materials and noted, “They’re exactly what I would expect to see from the supercomputing center.” Cary explained that supercomputing centers like the one in Tianjin are used for large computational tasks across a broad range of scientific and defense fields, and the diversity of the sample data reflects the breadth of the center’s clientele. “The swath of samples that the sellers put out kind of really speaks to the breadth of customers that this supercomputing center had,” he told CNN.
What makes the breach even more alarming is the method of the attack. According to cybersecurity researcher Marc Hofer, who managed to contact someone claiming to be the hacker behind the breach, access was gained through a compromised VPN domain. Once inside, the attacker deployed a botnet—a network of automated programs—to systematically extract data from the NSCC’s servers. This process, remarkably, went undetected for about six months, during which the hackers siphoned off the massive 10-petabyte dataset. Cary explained that the extraction was distributed across multiple servers simultaneously, minimizing the risk of detection: “Somebody on the defensive side is less likely to notice small amounts of data leaving the system compared to large amounts of data going to one location.”
The hackers have not only claimed responsibility but are actively attempting to monetize the breach. They are offering limited previews of the dataset for a few thousand dollars, with full access priced in the hundreds of thousands or even millions, and demanding payment in cryptocurrency. The sample data includes documents marked “secret” in both Chinese and Ukrainian, technical files, animated renderings, and images of advanced defense equipment such as bombs and missiles. Cybersecurity analysts who have reviewed the samples find them credible, though media outlets like CNN have not been able to independently authenticate the full dataset or all of FlamingChina’s claims.
The scale of the breach is staggering. To put it in perspective, one petabyte equals 1,000 terabytes—a high-end consumer laptop typically contains just one terabyte of storage. As Cary noted, “There are leaks from China’s cyber ecosystem that I’m familiar with that have sold very quickly. I’m sure that there are plenty of governments globally that are interested in some of the data at the NSCC, but many of those governments that are interested also may already have the data.” Hofer added that only adversarial state intelligence services would likely have the capacity to process such a vast trove of information and extract actionable intelligence from it.
The breach has highlighted longstanding concerns about the state of cybersecurity in China. As CNN and Mezha reported, experts have long viewed cyber defense as a weak link in China’s technological ambitions, both in the government and private sectors. This is not the first time Chinese infrastructure has been found wanting: in 2021, a massive online database containing the personal data of up to one billion Chinese citizens was left unprotected for over a year, only coming to light when an anonymous user offered it for sale on a hacker forum in 2022.
China’s own policymakers have acknowledged these vulnerabilities. The country’s 2025 National Security White Paper listed the construction of “robust security barriers for the network, data, and AI sectors” as a top priority, emphasizing the need for coordinated cybersecurity mechanisms to protect key information infrastructure. As Cary put it, “If you look at what Chinese policymakers say themselves, cybersecurity in China has not been good. They would say it’s still improving at this point in time.”
The breach also raises questions about the international ramifications of such incidents. With China and the United States locked in a global race for technological leadership, particularly in fields like artificial intelligence, any sign of weakness in one country’s cyber defenses is closely watched by the other. The NSCC in Tianjin, opened in 2009 as China’s first supercomputing center, has long been a symbol of the country’s ambitions in high-performance computing. Its compromise, if confirmed, would be a blow not only to national pride but also to the security of vast swathes of sensitive research and development data.
Cybersecurity experts stress the urgent need for better protections and international cooperation to defend critical infrastructure from such threats. As noted in Mezha and The News International, the breach underscores the importance of strengthening strategies for resilience, not just in China but globally. The 2025 National Security White Paper’s call for improved coordination and robust barriers is a recognition of the scale of the challenge ahead.
For now, the full impact of the breach remains uncertain. While experts agree that the data appears credible and the method of extraction plausible, independent verification of the entire dataset is still lacking. The Chinese government has not yet issued a detailed public response, and the world is left to watch as the story develops. What is clear, however, is that the breach has exposed critical vulnerabilities in China’s cyber infrastructure and has sent a warning shot across the bow of every nation reliant on complex, interconnected digital systems.
As the dust settles, the incident serves as a stark reminder: in the digital age, even the most advanced technological fortresses can be breached, and the consequences can reverberate far beyond national borders.