A hacker group operating under the name FlamingChina is claiming to have stolen over 10 petabytes of sensitive data from China’s National Supercomputing Center (NSCC) in Tianjin — a state-run facility that serves more than 6,000 clients across China, including defence agencies, aerospace institutions and advanced research organisations. The alleged dataset is reportedly being offered for sale in cryptocurrency, with preview access priced at thousands of dollars and full access quoted at hundreds of thousands.
The group posted a sample of the claimed dataset on an anonymous Telegram channel on February 6, 2026, stating it contained “research across various fields including aerospace engineering, military research, bioinformatics, fusion simulation and more.” The post linked the stolen data to top organisations including the Aviation Industry Corporation of China (AVIC), the Commercial Aircraft Corporation of China (COMAC), and the National University of Defense Technology.
Cybersecurity experts who reviewed the samples said the data appeared consistent with what a facility of this scale would hold. China’s Ministry of Science and Technology and the Cyberspace Administration of China had not issued any public statement at the time of reporting. The alleged breach, if confirmed, would rank among the largest data thefts ever attributed to a single state-run facility.
Inside the Alleged 10-Petabyte Heist
How a compromised VPN reportedly turned into a six-month data drain — step by step
⟶ Attack Anatomy
▣ What the Samples Allegedly Contained
◈ Putting 10 Petabytes in Perspective
1 petabyte = 1,000 terabytes. A high-spec laptop typically holds around 1 terabyte.
⊕ What the Experts Said
Background & Prior Incidents
The Tianjin center was the first national supercomputing hub in China when it opened in 2009. It is one of several such facilities across the country, with others operating in Guangzhou, Shenzhen and Chengdu. According to Marc Hofer, only state-level intelligence services likely have the capacity to process the entire 10-petabyte dataset and extract anything operationally useful from it.
This is not China’s first major data exposure. In 2021, a database reportedly containing personal information of up to 1 billion Chinese citizens was left publicly accessible for over a year before it drew attention in 2022, when an anonymous user offered the data for sale. Dakota Cary noted that China’s cybersecurity posture across both government and private sectors has long been considered a structural weak point — a position that Chinese policymakers themselves have publicly acknowledged.
China’s National Security White Paper (2025) listed building “robust security barriers for the network, data, and AI sectors” as a key national priority, alongside continued efforts to strengthen coordinated cybersecurity mechanisms for critical information infrastructure. In the weeks after the alleged breach became public, the Chinese Academy of Sciences reportedly removed several senior officials involved in high-level military R&D — among them Yang Wei, chief designer of the J-20 stealth fighter. No official connection between these removals and the alleged breach has been stated publicly. Those tracking the broader pace of technology and security developments in 2026 have noted this incident as part of a wider pattern of cyber exposure at state-linked facilities.
The alleged breach of China’s National Supercomputing Center in Tianjin was covered in this piece, including the attack method described by the hacker to researcher Marc Hofer, the data categories present in the sample release, the pricing of the dataset on dark web forums, and expert assessments from Dakota Cary (SentinelOne), Marc Hofer (NetAskari), and Jake Moore (ESET).
The authenticity of the dataset has not been independently verified. Chinese authorities — including the Ministry of Science and Technology and the Cyberspace Administration of China — had not issued a public response at the time of publication. The FlamingChina Telegram post dated February 6, 2026, and the associated dark web listing, remained the primary public sources of the claims.






