-
A hacker group called FlamingChina claims to have stolen 10 petabytes of data from China’s National Supercomputing Center, including defense files, radar tests, and physics simulations.
-
Security researchers are questioning the breach’s legitimacy, noting that extracting 10PB undetected would require either insider access or a sophisticated botnet operation.
-
The hackers offered a sample for $3,000 in cryptocurrency, with the full dataset open to the highest bidder, pointing to clear financial motives behind the alleged leak.
A hacker group called FlamingChina just claimed responsibility for breaching China’s National Supercomputing Center (NSCC) in Tianjin, allegedly walking away with 10 petabytes of sensitive data tied to advanced science and defense programs.
The claim surfaced on dark web forums earlier this year, and security researcher NetAskari first brought it to wider public attention in February 2026 via X, later publishing a deeper breakdown on their Substack.
According to NetAskari, a dark web forum user operating under the handle “airborneshark1” first dangled a sample of the stolen files for $3,000 in cryptocurrency, then threw the full 10-petabyte cache open to the highest bidder.
$3,000 Sample Surfaces with Defense Simulations Inside
NetAskari obtained a multi-gigabyte sample of the alleged stolen data. The sample contained screenshots of internal system directories, user credentials, PDFs of reports and technical handbooks, radar test data, and physics simulation renderings. Those renderings, notably, depicted what the files described as “weapon systems and payloads effects against certain materials and targets.”
One clip from the sample showed what appeared like a simulation of a bunker-buster bomb; a weapon engineered to penetrate reinforced underground structures. Security researchers flagged this as particularly significant, given the alleged source.
China’s NSCC serves roughly 6,000 clients across research and government sectors, which would explain the sheer variety of files in the sample. CNN picked up the story and reached out to China’s Ministry of Science and Technology and the Cyberspace Administration of China for a response. Neither body has issued an official statement at the time of writing.
Dakota Cary, a consultant at cybersecurity firm SentinelOne who specializes in China, told CNN that the sample contents lined up with what he would expect from such a source. “You would use supercomputer centers for large computational tasks,” Cary said.
“The swath of samples that the sellers put out kind of really speaks to the breadth of customers that this supercomputing center had.” Cary also noted that China has maintained “really poor cybersecurity for a very long time across a wide number of industries and organizations,” adding that even Chinese policymakers acknowledge the country is still working to improve it.
The monetization of stolen data has become so lucrative that hackers have launched dedicated platforms like Leak Bazaar to repackage and sell corporate breach data, moving beyond simple ransom demands to a subscription-based model for stolen information.
Security Researchers Cast Doubt on the 10PB Figure
Not everyone is buying the story. Malware archivist and security researcher Vx-underground pushed back on the claim publicly via X. “Something about this story is very strange to me. I’ve been in the cybersecurity line for a very long time,” they wrote, adding that the group name “FlamingChina” had never crossed their radar before; unusual for a group pulling off what would rank as one of the largest data heists ever recorded.
NetAskari raised similar doubts about the logistics. Quietly extracting 10 petabytes from a high-security government facility, without anyone noticing over an extended period, would be a staggering operational feat.
“Did they truly get 10 PB? We don’t know,” NetAskari wrote. “To extract such an amount of data means you must have an entry record in the system over a longer period of time, most likely if there’s an insider. Even though the cybersecurity is quite shoddy, eventually one would somehow detect a constant ongoing data extraction of this volume.”
Vx-underground pressed further on the financial absurdity of storing that volume of data. “10PB is equal to 10,000 TB,” they noted. “Even in cold storage, it’s nearly $43,000 a month. If it’s hot storage, that’s like around $150,000 a month; and that does not even include the fees for moving the data, which would be astronomical.”
CNN suggested that hackers could have used a botnet-based approach, distributing the extraction across many systems simultaneously to avoid detection.
FlamingChina’s Identity Raises More Questions
FlamingChina has operated a Telegram channel since at least February 5, 2026, though NetAskari describes it as more of a short-term alias than a permanent base. The group’s thin history and sudden appearance fuels skepticism.
Threat actors frequently rebrand themselves to dodge detection and generate fresh attention in criminal marketplaces, a pattern that fits FlamingChina’s profile.
Whether the breach is real or an elaborate scam targeting buyers with deep pockets, the incident exposes a troubling reality: dark web actors now operate with enough sophistication and marketing savvy to make even fabricated leaks look credible, and that alone is worth paying attention to.
