Hackers claim they've breached a Chinese supercomputer and are demanding huge amounts of crypto for the data, but security researchers are sceptical
Earlier this year, dark web hackers claimed to have exfiltrated a huge amount of data from the National Supercomputing Center (NSCC) in Tianjin, China. The hacker group FlamingChina claims that it stole 10 petabytes of data pertaining to advanced science and defence agencies within China. However, a number of security researchers have since cast doubt on the leak's legitimacy.
As far as I can tell, NetAskari was the first to bring the data leak to wider attention back in February 2026 via X, before further delving into a sample of the leaked files on their SubStack.
According to them, a dark web forum user going by the handle 'airborneshark1' initially offered a sample of the full leak for $3,000 USD (in cryptocurrency, of course), before offering up all 10 petabytes to the highest bidder.
NetAskari was able to obtain a multi-gigabyte sample of the allegedly stolen data. This includes screenshots of the internal system directory layout and user credentials as supporting evidence that some kind of hack did take place.
Beyond that, this sample also included PDFs of reports and handbooks, radar test data, and physics simulation renderings depicting "the effect of payloads and weapon systems against certain targets and materials."
❗️The leaked sample data from China's National Supercomputing Center in Tianjin includes a video of what seems to be a simulation of a bunker buster bomb, designed to penetrate bunkers and damage underground structures. https://t.co/AC2PmfTZTj pic.twitter.com/Br4vQqLCViMarch 19, 2026
China's NSCC undertakes supercomputing tasks from about 6,000 clients, potentially explaining the breadth of files.
CNN has since picked up the story, reaching out to China’s Ministry of Science and Technology as well as the Cyberspace Administration of China for comment. At the time of writing, there has been no official comment on the data breach. That could be for a number of security reasons, but there's also a chance that this leak is simply not legitimate.
For instance, security researcher and malware archivist Vx-underground expressed their scepticism via X, writing, "Something about this story is very strange to me. I've been doing cybersecurity stuff for a long, long time [...] I have not seen the moniker 'FlamingChina' before."
NetAskari notes that the hacker group FlamingChina has had a Telegram channel since at least February 5. That said, they also say this is less likely a permanent 'base of operations', so to speak and more likely just a short-term alias.
Chinese government super computer (allegedly) compromised and (allegedly) 10PB exfiltrated.The source is CNN.Something about this story is very strange to me. I've been doing cybersecurity stuff for a long, long time. I'm usually on top of most cybersecurity incidents,… pic.twitter.com/tFLrDet4MWApril 9, 2026
They also write that getting 10 petabytes out of any high-security facility without being noticed over months and months would be quite a feat if it were legitimate. "Did they truly get 10 PB!? We don't know. To extract such an amount of data means, you have to be lodged in the system over a longer period of time," NetAskari writes.
"Most likely with the help of someone from the inside. Even if the cyber security is a little bit shoddy, eventually someone probably would notice a constant data extraction process of this size."
CNN posits a botnet-based approach that could have distributed the extraction of data across many sources simultaneously, thereby making such an attack difficult to trace.
Vx-underground is more intrigued about the practicalities of holding on to all of that data. "I'm also very curious [about] the 10 PETABYTES of data exfiltrated because [that] is an unfathomable number," they write, "10PB is 10,000 TB. Even in cold storage that's roughly $43,000/month. If it's 'hot storage' you're looking at something like, $150,000/month, that doesn't even include the fees for moving the data which would be ASTRONOMICAL."
CNN itself reached out to a number of experts to speak to the authenticity of the leak's contents, including Dakota Cary. A consultant at SentinelOne, a cybersecurity firm focusing on China, Cary told CNN that the leak's contents were what he would expect given the alleged source, elaborating, "You would use supercomputer centers for large computational tasks. The swath of samples that the sellers put out kind of really speaks to the breadth of customers that this supercomputing center had."
That doesn't sound like the most damning evidence to me. Cary also went on to share that China has had "really poor cybersecurity for a very long time across a wide number of industries and organizations." He went on to tell CNN, "If you look at what Chinese policymakers say themselves, cybersecurity in China has not been good. They would say it’s still improving at this point in time."