What happened
Hackers are claiming they stole more than 10 petabytes of data from China’s National Supercomputing Center in Tianjin, in what could become one of the largest publicly reported data theft claims tied to a Chinese state-linked research environment. The threat actor, calling itself Flaming China, allegedly posted samples of the dataset in February and has continued advertising access to the material. Analysts who reviewed samples said the files appear to relate to research across aerospace engineering, military work, bioinformatics, and fusion simulations. The claimed dataset has been linked to organizations including Aviation Industry Corporation of China, Commercial Aircraft Corporation of China, and the National University of Defense Technology. The provenance of the full dataset has not been independently confirmed, but researchers who examined samples said the material appears consistent with what they would expect from a supercomputing center environment.
Who is affected
The direct exposure appears to center on the National Supercomputing Center in Tianjin and organizations whose research workloads may have been hosted there. Based on the reviewed samples, the potentially affected data may involve state-linked research institutions and organizations working in aerospace, defense, and other advanced scientific fields. The full scope of affected entities has not been officially confirmed.
Why CISOs should care
This incident matters because it shows how compromise of a centralized high-performance computing environment could expose large volumes of sensitive research from multiple organizations at once. It also highlights the concentration risk created when scientific, industrial, and defense-related workloads are aggregated inside a shared computing infrastructure. Even without full independent confirmation of the entire claimed dataset, the samples and analyst review raise serious questions about data segregation, monitoring, and detection inside large-scale research platforms.
3 practical actions
- Review concentration risk in shared compute environments: Identify where highly sensitive research, engineering, or simulation workloads are concentrated in shared infrastructure that could create broad exposure if one platform is compromised.
- Treat sample leaks as an immediate scoping trigger: Move quickly to validate whether leaked samples match your environment when attackers publish previews of allegedly stolen data before full access is sold or released.
- Separate confirmed facts from breach claims: Keep internal and external communications tightly anchored to what has been verified, especially when the claimed volume of stolen data is extremely large and full provenance remains unconfirmed.
