An anonymous threat actor group calling itself FlamingChina claims to have maintained persistent, undetected access to China's National Supercomputing Center Tianjin (NSCC) for approximately six months, exfiltrating an estimated 10 petabytes of sensitive data. Samples shared via Telegram have been reviewed by Dakota Cary, a consultant at SentinelOne, who assessed the documents as appearing authentic. If the full scope of the claim holds, this represents one of the largest confirmed exfiltrations from a state-linked research and defense computing facility on record.
What Happened
NSCC Tianjin, operational since 2009, serves as a centralized high-performance computing platform for over 6,000 institutional clients spanning scientific research, academia, and defense. The facility's role as a shared compute resource for multiple sensitive government-adjacent organizations made it a high-value target: a single point of access with broad downstream reach.
FlamingChina claims the intrusion began roughly six months before going public. The group began listing data samples for sale on Telegram on February 6, 2026. The actors are now demanding ransoms in the hundreds of thousands of dollars, payable in cryptocurrency, for access to the full dataset.
What Was Taken
The claimed exfiltration totals approximately 10 petabytes, the equivalent of roughly 10,000 one-terabyte drives. Based on data samples analyzed by SentinelOne's Cary, the stolen material reportedly includes:
- Classified defense documents assessed at the highest sensitivity levels
- Missile schematics and design documentation
- Military simulation blueprints and scenario data
- Material originating from NSCC clients including the Aviation Industry Corporation of China (AVIC), the Commercial Aircraft Corporation of China (COMAC), and the National University of Defense Technology (NUDT)
The combination of aerospace manufacturing data, commercial aviation design, and defense university research under one exfiltration makes the dataset exceptionally broad in its potential intelligence value.
Why It Matters
This incident exposes a structural vulnerability in how shared supercomputing infrastructure is secured. NSCC Tianjin's role as a compute utility for thousands of clients means that a single persistent compromise creates lateral access to data from organizations that may each have their own robust perimeter defenses. The attacker did not need to breach AVIC or COMAC directly; they breached the shared resource those organizations trusted.
The six-month dwell time is operationally significant. This was not a smash-and-grab but a patient, deliberate collection campaign. The exfiltration of 10 petabytes over that window implies either high-bandwidth exfil channels blending into normal traffic or a series of staged, low-volume transfers designed to avoid anomaly detection. Either scenario points to a technically capable adversary with clear intelligence objectives.
For Western and allied defense planners, the confirmed exposure of AVIC and COMAC data alongside NUDT simulation material creates a mosaic problem: even partial, unverified datasets from these sources have compounding intelligence value when aggregated.
The Attack Technique
The specific initial access vector has not been confirmed in available reporting. Given the six-month persistence and the scale of the environment, likely techniques consistent with this type of intrusion include credential compromise of a high-privilege account, exploitation of unpatched vulnerabilities in the HPC job scheduling or storage management layer, or supply chain access via a trusted institutional client with existing NSCC network access.
The extended dwell time and claimed volume of exfiltration suggest the actor had read access to large portions of the storage fabric, not merely isolated project directories. No ransomware or destructive payload appears to have been deployed; the operation appears to have been purely collection-focused until the group shifted to monetization via Telegram sales and direct ransom demands.
What Organizations Should Do
- Audit shared HPC and cloud compute access. Any organization that has submitted workloads to shared computing infrastructure, particularly in defense-adjacent or dual-use research contexts, should treat that data as potentially compromised and assess downstream exposure.
- Enforce data classification boundaries at the storage layer. Sensitive workloads should be isolated from shared storage fabrics at the hardware or hypervisor level, not just by access control lists that a single compromised admin credential can bypass.
- Instrument egress at scale. Ten petabytes moved over six months is detectable with proper NetFlow analysis and DLP baselines. Organizations should ensure anomalous outbound data volumes trigger alerts regardless of whether the source IP appears trusted.
- Apply least-privilege to compute platform credentials. Service accounts used by HPC schedulers and storage systems frequently carry excessive permissions. A compromise of any one of these accounts should not translate to facility-wide read access.
- Monitor threat actor Telegram channels. FlamingChina's use of Telegram for data sales is consistent with a growing trend. Intelligence teams should actively track these channels to identify exposed organizational data before adversaries act on it.
- Prepare for mosaic intelligence exploitation. If your organization's data may be in scope, brief leadership on the risk that partial data combined with other stolen datasets can be more dangerous than the individual pieces appear.
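The "instrument egress at scale" recommendation above, and the earlier observation that 10 petabytes could have left either as high-bandwidth bursts or as staged low-volume transfers, both come down to the same detection problem: baseline every internal source's outbound volume and alert on departures from it, without exempting "trusted" addresses. The following is an added illustration written for this article, not code from the original reporting or from any named vendor. It runs two rules over NetFlow-style records: a per-source daily spike rule, and a sliding-window budget rule that catches transfers deliberately sized to stay under any single day's threshold. The flow records, host addresses, thresholds and the 2 TB per 30 day budget are all constructed assumptions for the example.

```python
"""Egress volume anomaly detection over NetFlow-style records (illustrative, constructed data).

Rule 1, "spike": a source's outbound bytes for one day exceed SPIKE_FACTOR times
that source's own trailing median. Catches bulk pulls.
Rule 2, "low_and_slow": a source's outbound total over a sliding WINDOW_DAYS window
exceeds a fixed budget even though no single day spikes. Catches staged transfers.
Whether the source address is "trusted" plays no part in either rule.
"""
from collections import defaultdict
from datetime import date, timedelta
from statistics import median
from typing import Dict, List, NamedTuple, Tuple


class Flow(NamedTuple):
    day: date        # date of the flow export (only day granularity is used here)
    src: str         # internal source address
    dst: str         # external destination address
    out_bytes: int   # bytes sent from src to dst


# Assumed site policy values; tune to the environment's real baselines.
SPIKE_FACTOR = 5.0            # one day above 5x the trailing median is a spike
BASELINE_DAYS = 14            # trailing window used for the per-source median
WINDOW_DAYS = 30              # sliding window for the low-and-slow rule
WINDOW_BUDGET = 2 * 10**12    # 2 TB outbound per source per 30 days
MIN_BASELINE = 10 * 10**9     # floor the median at 10 GB so idle hosts do not trip on first real use

Alert = Tuple[str, str, date, int]   # (rule, src, day, bytes)


def daily_totals(flows: List[Flow]) -> Dict[str, Dict[date, int]]:
    """Aggregate outbound bytes per source per day."""
    totals: Dict[str, Dict[date, int]] = defaultdict(lambda: defaultdict(int))
    for f in flows:
        totals[f.src][f.day] += f.out_bytes
    return totals


def detect(flows: List[Flow]) -> List[Alert]:
    """Run both rules over the flow log and return alerts in source/day order."""
    alerts: List[Alert] = []
    for src, per_day in daily_totals(flows).items():
        days = sorted(per_day)
        last_slow_alert = None
        for i, d in enumerate(days):
            # Rule 1: compare today against the trailing median of this source only.
            history = [per_day[x] for x in days[:i] if (d - x).days <= BASELINE_DAYS]
            if history:
                base = max(median(history), MIN_BASELINE)
                if per_day[d] > SPIKE_FACTOR * base:
                    alerts.append(("spike", src, d, per_day[d]))
            # Rule 2: sum the trailing window; alert once per window to avoid daily repeats.
            window = sum(per_day[x] for x in days if 0 <= (d - x).days < WINDOW_DAYS)
            if window > WINDOW_BUDGET and (
                last_slow_alert is None or (d - last_slow_alert).days >= WINDOW_DAYS
            ):
                alerts.append(("low_and_slow", src, d, window))
                last_slow_alert = d
    return alerts


def sample_flows() -> List[Flow]:
    """Constructed 60-day flow log for three internal hosts (not real traffic)."""
    start = date(2025, 9, 1)
    flows: List[Flow] = []
    for n in range(60):
        d = start + timedelta(days=n)
        # Login node: steady ~20 GB/day of legitimate result downloads.
        flows.append(Flow(d, "10.0.1.10", "203.0.113.5", 20 * 10**9 + (n % 3) * 10**8))
        # Storage gateway: ~30 GB/day, then a single 1 TB pull on day 40.
        flows.append(Flow(d, "10.0.2.20", "198.51.100.7", 10**12 if n == 40 else 30 * 10**9))
        # Backup host: a flat 90 GB every day. Never spikes, but 30 days of it is 2.7 TB.
        flows.append(Flow(d, "10.0.3.30", "192.0.2.9", 90 * 10**9))
    return flows


if __name__ == "__main__":
    for rule, src, day, nbytes in detect(sample_flows()):
        print(f"{day} {rule:12s} {src:12s} {nbytes / 10**12:.2f} TB")
```

On the constructed data the gateway's 1 TB day fires the spike rule, while the backup host never exceeds its own median yet trips the 30-day budget twice; the login node is silent. The spike rule alone would have missed the second host, which is the pattern a six-month, low-and-slow collection campaign would produce.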
Sources: Operasi Senyap 6 Bulan Hacker Bobol Superkomputer China (Indonesian; in English: "Six-Month Silent Operation: Hackers Breach Chinese Supercomputer")