China suffers one of the largest data thefts in history
What's the story
A hacker has breached a state-run Chinese supercomputer and stolen over 10PB of sensitive data. The information includes documents marked "secret" in Chinese and technical files, animated simulations, and renderings of defense equipment including bombs and missiles. The attack is believed to be one of the largest data thefts from China in history. Cybersecurity experts believe the data was obtained from the National Supercomputing Center (NSCC) in Tianjin, which serves over 6,000 clients across China, including advanced science and defense agencies.
Breach
Data contains research across various fields
The hacker, who goes by the name FlamingChina, claims they gained access to the supercomputer with relative ease. They were able to extract huge amounts of data over several months without detection. On February 6, FlamingChina posted a sample of the stolen dataset on an anonymous Telegram channel. The group claims it contains research across various fields, including aerospace engineering, military research, bioinformatics, fusion simulation and more.
Connections
Stolen data linked to top organizations in China
The stolen data is said to be connected with top organizations such as the Aviation Industry Corporation of China, the Commercial Aircraft Corporation of China, and the National University of Defense Technology. Cybersecurity experts who examined this data say that FlamingChina is selling a limited preview for thousands of dollars while full access costs hundreds of thousands. Payment is requested in cryptocurrency.
Contents
Data theft could have far-reaching implications
Dakota Cary, a consultant at cybersecurity firm SentinelOne who specializes in China, said the samples posted online are exactly what one would expect from a supercomputing center. He added that most customers would have little reason to maintain their own supercomputing infrastructure independently.
Extraction strategy
Hacker used botnet to extract data over several months
The hacker claimed they accessed the Tianjin supercomputer via a compromised VPN domain. Once inside, they deployed a botnet: a network of automated programs that could enter NSCC's system and extract, download and store data. The extraction process for 10PB of data took about six months. Cary explained this method was more about architecture than technical sophistication, as it involved pulling data through a security hole in NSCC by distributing the extraction across multiple systems at once to avoid detection.
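The detection gap Cary describes, sketched as an added example (not from the article or any party named in it): the reported 10PB over about six months is split across many systems, so a per-system egress limit stays silent while a site-wide daily total does not. The 180-day window, the system counts, the 1 TB per-system limit and the 5 TB/day baseline are constructed assumptions.

```python
"""Constructed illustration: per-system egress limits vs. a site-wide total."""
from collections import defaultdict

TB = 10**12
PB = 10**15
TOTAL_BYTES = 10 * PB   # volume reported in the article
DAYS = 180              # "about six months", taken as 180 days (assumption)


def required_daily_rate(total_bytes=TOTAL_BYTES, days=DAYS):
    """Average bytes per day the whole extraction has to sustain."""
    return total_bytes / days


def constructed_flows(n_systems, days=3):
    """Constructed records (day, system, bytes): daily volume split evenly."""
    share = int(required_daily_rate() / n_systems)
    return [(d, f"sys{s:04d}", share)
            for d in range(days) for s in range(n_systems)]


def per_system_alerts(flows, system_limit):
    """Naive control: flag a (day, system) pair whose egress exceeds the limit."""
    totals = defaultdict(int)
    for day, system, nbytes in flows:
        totals[(day, system)] += nbytes
    return sorted(k for k, v in totals.items() if v > system_limit)


def aggregate_alerts(flows, baseline_per_day, factor=3.0):
    """Site-wide control: flag days whose total egress exceeds factor x baseline."""
    totals = defaultdict(int)
    for day, _system, nbytes in flows:
        totals[day] += nbytes
    return sorted(d for d, v in totals.items() if v > factor * baseline_per_day)


if __name__ == "__main__":
    flows = constructed_flows(n_systems=500)
    print(f"required rate: {required_daily_rate() / TB:.1f} TB/day")
    print("per-system alerts:", per_system_alerts(flows, system_limit=1 * TB))
    print("aggregate alerts:", aggregate_alerts(flows, baseline_per_day=5 * TB))
```
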
Security concerns
Incident highlights China's cybersecurity vulnerabilities
The alleged breach, if true, points to a major vulnerability in China's tech infrastructure as it competes with the US to become a global technology innovator and AI leader. Cybersecurity has long been a known weakness across both the government and private sectors. In 2021, an online database reportedly containing personal information of almost one billion Chinese citizens was left unsecured, and an anonymous user on a hacker forum offered to sell the data in 2022.