Threat actors are claiming responsibility for what could be one of the largest data breaches in China’s history — allegedly stealing more than 10 petabytes of data from a key national supercomputing facility tied to scientific and defense research.
“The reports that hackers with the alias of FlamingChina stole 10 petabytes of data containing Chinese military secrets is on a level that is both shocking and unimaginable,” said Jeff Wichman, Director of Incident Response at Semperis in an email to eSecurityPlanet.
He explained, “To put this massive theft in context, the U.S. Library of Congress if it were completely digitalized (videos, images, books, manuscripts, audio) would have several petabytes, only about a third of what the FlamingChina stole and is now trying to resell.”
Inside the Alleged Tianjin Supercomputing Breach
The National Supercomputing Center in Tianjin is a key component of China’s advanced computing infrastructure, supporting more than 6,000 clients across academic, industrial, and defense sectors.
This level of centralization creates significant risk, as a single breach could expose sensitive research, intellectual property, and national security data from thousands of organizations at once.
Early reports suggest the stolen data may include missile designs and defense documents, raising concerns about geopolitical risks and impacts on technological competitiveness.
How The Alleged Attack Unfolded
The intrusion may have originated through a compromised virtual private network (VPN) domain.
After gaining initial access, the attacker reportedly leveraged a botnet to expand their foothold, moving laterally across systems and exfiltrating large volumes of data over a period of approximately six months.
If accurate, the attack suggests a mix of credential compromise and weak network segmentation — common challenges in complex, distributed environments.
The reported six-month dwell time suggests gaps in monitoring or visibility, giving attackers extended time to identify and extract sensitive data.
The release of sample data aligns with a common tactic, where limited disclosures are used to establish credibility and draw attention before full verification.
While Chinese authorities have not confirmed the breach, the scale and sensitivity of the claims are drawing attention from security professionals.
CNN reported reaching out to China’s Ministry of Science and Technology as well as the Cyberspace Administration of China for comment, but did not receive a response at the time of publication.
How Organizations Can Strengthen Cyber Defenses
While the Tianjin breach remains unconfirmed, it underscores several practical steps organizations — especially those managing high-performance computing or centralized infrastructure — should prioritize.
- Harden remote access and enforce strong identity controls by securing VPNs, enabling MFA, and adopting zero trust principles.
- Limit lateral movement through network segmentation and least privilege access across users, systems, and workloads.
- Monitor for anomalous activity using tools such as EDR/XDR and centralized logging to identify persistence and unusual behavior.
- Control data exfiltration risks by implementing data loss prevention (DLP), monitoring outbound traffic, and restricting large or abnormal transfers.
- Strengthen privileged access management by using just-in-time access, credential rotation, and session monitoring for administrative accounts.
- Improve visibility and resilience through continuous threat hunting, long-term log retention, and the use of deception technologies where appropriate.
- Regularly test and refine incident response plans while conducting audits of configurations, access controls, and system activity to ensure readiness.
Together, these measures help organizations build resilience against similar threats while limiting the potential blast radius of a successful compromise.
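The outbound-traffic monitoring bullet above, together with the reported six-month dwell time, is where detection engineering does the most good. As an added example that is not part of the original article, the Python below baselines each host's daily outbound volume from constructed flow summaries (the hostnames, volumes and thresholds are assumptions) and reports hosts whose volume stays anomalous for several consecutive days, while keeping flagged days out of the baseline so a months-long transfer cannot quietly become the new normal.

```python
from collections import defaultdict
from datetime import date, timedelta
from statistics import median
GB = 1024 ** 3  # byte unit for the constructed volumes below

def constructed_flows():
    """Constructed sample data, not from the incident: (day, host, outbound bytes)."""
    flows, start = [], date(2024, 1, 1)
    for i in range(24):
        day = start + timedelta(days=i)
        # login node: ~5 GB/day normally, then a sustained jump from day 15 onward
        flows.append((day, "login-node-01", 80 * GB if i >= 14 else 5 * GB))
        # batch node: steady 5 GB/day with one burst on day 10 (a legitimate bulk copy)
        flows.append((day, "batch-node-07", 300 * GB if i == 9 else 5 * GB))
    return flows

def flag_days(flows, window=7, ratio=5.0, floor=50 * GB):
    """Flag days where a host's outbound volume exceeds ratio x baseline and an absolute floor.
    The baseline is the median of the last `window` unflagged days, so a slow,
    months-long exfiltration cannot become the new normal and drop out of view."""
    per_host = defaultdict(dict)
    for day, host, nbytes in flows:
        per_host[host][day] = per_host[host].get(day, 0) + nbytes
    flagged = {}
    for host, by_day in per_host.items():
        clean, hits = [], []
        for day in sorted(by_day):
            total, history = by_day[day], clean[-window:]
            if len(history) >= 3 and total > max(ratio * median(history), floor):
                hits.append(day)
            else:
                clean.append(total)  # only unflagged days feed the baseline
        if hits:
            flagged[host] = hits
    return flagged

def sustained_runs(flagged, min_days=3):
    """Keep only hosts flagged on at least min_days consecutive calendar days."""
    runs = {}
    for host, days in flagged.items():
        days, found, start = sorted(days), [], None
        for i, day in enumerate(days):
            start = start or day
            if i + 1 == len(days) or days[i + 1] - day != timedelta(days=1):
                if (day - start).days + 1 >= min_days:
                    found.append((start, day))
                start = None
        if found:
            runs[host] = found
    return runs
```

To use this on real NetFlow/IPFIX or proxy summaries, replace `constructed_flows()` with per-host daily totals and tune `floor` and `ratio` to the site's normal transfer volumes; the one-day burst on the batch node is flagged but, unlike the login node, does not produce a sustained run.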
Growing Risk to Centralized Computing Environments
This incident underscores how high-value computing infrastructure continues to attract attention in cyber operations.
Supercomputing centers support advanced research, defense, and industrial workloads, making them sensitive environments where a single compromise can have broad implications.
As more organizations centralize critical workloads, the potential impact of a breach across multiple entities increases.
These risks are driving increased interest in zero trust solutions, which help organizations reduce exposure by continuously verifying access and limiting trust.
