New Delhi: It was sometime in the middle to late months of 2025 when a hacker, later known publicly under the alias FlamingChina, first slipped into the systems of China’s National Supercomputing Center in Tianjin. The facility, one of the country’s most important high-performance computing hubs, quietly supported thousands of research projects for universities, scientific institutes, and defence-related organisations working on everything from aerospace designs to advanced military simulations.
Using a compromised VPN domain as the entry point, the intruder moved carefully, avoiding any dramatic actions that might raise alarms in the multi-user environment, where network segmentation was weaker than expected.
Instead of rushing, the hacker deployed a botnet to pull data out in small, steady streams over the following six months, slowly amassing more than 10 petabytes of files without triggering the kind of alerts that usually accompany large-scale exfiltration.
Inside those terabytes lay a trove of sensitive material, including classified documents marked “secret”, detailed simulation models of high-penetration weapons striking targets such as the American HIMARS rocket system, aircraft carriers, and reinforced bunkers, along with aerospace engineering data, missile schematics, nuclear fusion calculations, explosion analyses, and research tied to major Chinese defence and aviation entities.
The hacker later claimed the access felt surprisingly straightforward once inside, relying more on architectural oversights than cutting-edge exploits.
All the while, the centre’s operators appeared unaware that vast amounts of computational output were quietly vanishing.
The public phase of the story began on 6 February 2026. That day, an anonymous Telegram channel under the name FlamingChina began posting teaser samples of the stolen dataset, claiming it contained research spanning aerospace engineering, military systems, bioinformatics, fusion simulation, and more.
Around the same time, related aliases surfaced on dark web forums , advertising the archive for sale in cryptocurrency, with file indexes offered for as little as 10 Monero and full access priced far higher.
Cybersecurity researchers who examined the previews, including directory listings, internal network screenshots, and classified simulation documents, found them consistent with the type of work handled at the Tianjin centre and increasingly credible.
Word spread gradually through niche investigator circles and Substack analyses by mid-March 2026, with early social media threads sharing the leaked visuals and debating the breach’s scale.
Then, on 8 April, major outlets brought the incident into the global spotlight, quoting experts who had spoken with the alleged hacker and reviewed the samples. They described how the data had been siphoned over months with relative ease, raising serious questions about security at one of China’s critical national computing resources.
As of 9 April, the full 10-petabyte collection has not been dumped publicly or independently audited in its entirety, and it remains under the hacker’s control and up for sale.
The Chinese government has issued no official statement confirming or denying the breach.
