By Mari Hansen Imagining one anonymous person sitting somewhere and silently watching classified Chinese defense data—such as aerospace engineering files, fusion simulations, and missile blueprints—flow into storage drives for six continuous months is unsettling. Not a nation-state enterprise with a budget and a war room. Only a botnet, a hacker, and a weakly secured VPN door left slightly open at one of the world’s most potent computing hubs.
There has never been a secret about Tianjin’s National Supercomputing Center. Built to be China’s computational crown jewel, it was first opened in 2009 and at one point housed some of the world’s fastest machines. Every day, it receives the most delicate workloads from over 6,000 institutional clients, including defense universities, aerospace companies, and state-run agencies.
| Detail | Information |
|---|---|
| Full Name | National Supercomputing Center (NSCC), Tianjin |
| Established | 2009 |
| Location | Tianjin, China |
| Primary Function | High-performance scientific and defense computing |
| Total Clients | 6,000+ active institutional and state users |
| Notable Clients | Aviation Industry Corporation of China, National University of Defense Technology, COMAC |
| Alleged Data Stolen | 10 Petabytes — equivalent to 10,000 terabytes |
| Breach Method | Compromised VPN domain + silent botnet deployment |
| Hacker Identity | Anonymous — operating as “FlamingChina” on Telegram |
| Data Type Exposed | Missile schematics, defense documents, aerospace simulations, bioinformatics research |
| First Detected | Early February 2026 |
| Data Offered For | Thousands (preview) to hundreds of thousands in cryptocurrency (full access) |
| Cybersecurity Expert | Marc Hofer — confirmed VPN breach method via direct Telegram contact |
| Reference | CNN Report on the Breach |
Nuclear fusion modeling, weapon trajectory simulations, and military-scale bioinformatics are examples of computations that regular servers cannot handle. It’s not a data center. China’s aspirations are shaped by that infrastructure. This is why it is so hard to comprehend what is said to have occurred here.
An anonymous user going by the handle “FlamingChina” appeared on a Telegram channel at some point in early February 2026 and posted a sample. Not a little one. Ten petabytes, or ten thousand terabytes, of classified material taken straight from what is thought to be the NSCC in Tianjin made up the dataset they claimed to have.
The samples were not disregarded by cybersecurity researchers who examined them. The documents, which included technical renderings of missiles, aerospace documents, and defense-classified material that no one outside of specific government corridors should ever see, were independently verified to be consistent with the type of work actually done at that facility.
This might be the biggest data breach in China’s history. There is ongoing discussion about that framing. However, the scale on its own merits consideration.
Most observers are more impressed by the method than by the amount of theft. After contacting FlamingChina directly through Telegram, cybersecurity researcher Marc Hofer told CNN that a compromised VPN domain was the first point of entry. It is not a zero-day exploit that targets systems that are classified. Not some complex, multi-layered security infrastructure infiltration that takes months. A VPN weakness. The digital equivalent of discovering a brick-propped emergency exit in a building.
After gaining access, the hacker set up a botnet, which is a collection of automated programs made to move stealthily, extract data in dispersed fragments across several servers, and never set off a threshold that would have alerted monitoring systems.
The botnet operated slowly rather than trying a single large download that would have triggered every alarm. purposefully. Ten petabytes left China over the course of six months, drip by drip, without the nation’s cybersecurity apparatus seemingly noticing.
To be honest, the most terrifying aspect of the entire tale is that patience. A smash-and-grab is not the same as something that functions like a long, silent exhale.
What they purportedly stole in tiers has been sold by FlamingChina. For several thousand dollars, a “limited preview” was available. The cost of complete, unrestricted access was in the hundreds of thousands; naturally, cryptocurrency was required.
According to experts, only highly developed state-level intelligence services would actually possess the infrastructure necessary to process and utilize 10 petabytes of unprocessed technical data. which brings up a number of unsettling issues regarding who might have already paid for access.
For its part, China has not made many official statements. There is a pattern to that. Instead of being publicly acknowledged, previous cybersecurity incidents within Chinese infrastructure have usually been downplayed or handled covertly.
However, this one is more difficult to control because independent researchers have already confirmed some of the data as authentic, not because of the media attention, though that is important. The narrative is no longer speculative.
It’s still unclear if China’s high-performance computing infrastructure security will be drastically altered as a result of this breach. SentinelOne researcher Dakota Cary has previously noted that China’s offensive cyber capabilities have long surpassed its defensive posture, a common imbalance in nations that prioritize projection over protection.
The defense of critical infrastructure was a major focus of Beijing’s 2025 National Security White Paper. When a hacker has been silently depleting one of the facilities those words were meant to protect for the past six months, a document like that reads differently.
Perhaps more than anything else, this episode shows that raw computing power does not equate to security. The NSCC in Tianjin was able to run simulations that were beyond the capabilities of most machines in the world.
It provided services to thousands of the most delicate institutions in China. However, at some point in its design, the VPN door was left open long enough for a single person working alone and using Telegram to enter and steal what might be the most private cache of Chinese defense information ever lost.
It’s difficult to avoid thinking that the true vulnerability revealed here isn’t technical when observing this from the outside. It’s the presumption that security in one domain follows from scale and sophistication in another. A supercomputer was constructed in China. It seems to have neglected to lock it completely.