A hacker operating under the alias FlamingChina claims to have exfiltrated more than 10 petabytes of classified military and scientific data from China’s National Supercomputing Center — a volume so staggering that, if verified, it would dwarf virtually every known data breach in history. The assertion, posted on the dark web forum BreachForums, includes purported samples of weapons system designs, satellite telemetry, nuclear simulation models, and artificial intelligence research tied to the People’s Liberation Army.
That’s not a typo. Ten petabytes. To put it in perspective, the entire printed collection of the U.S. Library of Congress is estimated at roughly 10 terabytes. This alleged haul is a thousand times that.
The claim surfaced in early June 2025 and was first reported in detail by TechRadar, which noted the hacker’s assertion that the breach targeted the Tianjin branch of China’s National Supercomputing Center, one of the country’s premier high-performance computing facilities. FlamingChina posted what they described as directory listings, file samples, and metadata to substantiate the claim. The hacker reportedly offered the data for sale, pricing it in cryptocurrency and marketing it as the most consequential cyber theft ever executed against a nation-state’s military infrastructure.
Skepticism is warranted. Enormous.
Cybersecurity researchers who’ve examined the posted samples are divided. Some say the directory structures and file naming conventions are consistent with what you’d expect from a Chinese government supercomputing environment — technical nomenclature, project codes that align with known PLA research programs, and file formats typical of simulation and modeling workloads. Others caution that fabricating such metadata is well within the capability of a sophisticated actor seeking notoriety or a payday. Nobody outside the Chinese government can confirm whether the data is authentic, and Beijing has not publicly acknowledged any breach.
But the specifics FlamingChina has shared are detailed enough to merit serious attention. According to the dark web posting, the stolen files include computational fluid dynamics simulations related to hypersonic weapons development, radar cross-section modeling for stealth aircraft, satellite orbit prediction algorithms, nuclear warhead yield simulations, and extensive AI training datasets used by PLA-affiliated research labs. If even a fraction of this is genuine, the intelligence value would be extraordinary.
China’s National Supercomputing Centers are not obscure facilities. The country operates a network of them — in Tianjin, Guangzhou, Changsha, Jinan, Shenzhen, Wuxi, and elsewhere — and they house some of the world’s most powerful machines. The Tianjin center is home to the Tianhe series of supercomputers, which have at various points ranked among the top systems globally on the TOP500 list. These machines serve dual purposes: civilian scientific research and classified military computation. The overlap between civilian and defense workloads on shared infrastructure has long been flagged by Western intelligence agencies as both a strength and a vulnerability in China’s computing architecture.
The sheer volume claimed — 10 petabytes — raises immediate logistical questions. Exfiltrating that much data without detection would require either sustained access over a long period, extremely high-bandwidth connections, or both. For reference, a standard 1 Gbps connection running at full capacity would take roughly 926 days to transfer 10 petabytes. Even at 100 Gbps, which is common within supercomputing environments, the transfer would take over nine days of continuous, uninterrupted throughput. That’s a long time to go unnoticed.
So how could it happen? One possibility is insider access. A privileged systems administrator or researcher with legitimate credentials could move data to external storage over weeks or months, compressing and staging it in ways designed to avoid triggering automated monitoring. Another scenario involves a compromised supply chain — malware embedded in hardware or software updates that created persistent backdoor access. A third possibility, and the one some researchers find most plausible, is that the 10-petabyte figure is inflated and the actual exfiltration was smaller but still significant, with the hacker padding the claim for commercial leverage on BreachForums.
TechRadar noted that the hacker’s BreachForums account was relatively new, which cuts both ways — it could indicate a fresh alias created specifically for this operation, or it could suggest an unproven actor making outsized claims. BreachForums itself has a checkered history; the platform has hosted both legitimate breach disclosures and fabricated ones, making independent verification essential.
The timing is notable. U.S.-China tensions over technology, military posturing in the Taiwan Strait, and ongoing disputes over semiconductor exports have created a charged environment in which cyber operations against either side carry heightened geopolitical significance. Just weeks before FlamingChina’s posting, the U.S. government disclosed new details about the Volt Typhoon and Salt Typhoon campaigns — Chinese state-sponsored hacking operations that compromised American telecommunications infrastructure and critical systems. The revelation of a massive breach flowing in the opposite direction, targeting China’s military computing backbone, would represent a dramatic escalation in the ongoing digital conflict between the two powers.
Whether FlamingChina is a lone wolf, a state-sponsored operator using a hacktivist persona, or something else entirely remains unknown. The alias suggests a deliberate provocation — “Flaming” combined with “China” — and the hacker’s communications have been in English, which tells us little given the global nature of the cybercriminal underground. Intelligence analysts who’ve commented anonymously to cybersecurity publications have noted that nation-states frequently use criminal forums to launder stolen data, creating plausible deniability by making government-sponsored theft look like freelance cybercrime.
And then there’s the question of what happens next. If the data is real and finds a buyer — or multiple buyers — the proliferation risk is severe. Hypersonic weapons research, nuclear simulation data, and satellite intelligence algorithms in the wrong hands could accelerate weapons programs in countries that currently lack such capabilities. Even partial datasets could save adversaries years of independent research and development. The intelligence community term for this is “leapfrogging,” and it’s precisely the scenario that keeps defense officials awake at night.
China’s response, or lack thereof, will be telling. Beijing typically denies breaches outright, and its state media apparatus rarely acknowledges cybersecurity failures. But behind the scenes, a breach of this magnitude — if confirmed internally — would trigger a massive forensic investigation, personnel reviews, and likely a restructuring of security protocols across the entire national supercomputing network. The political fallout within the Chinese Communist Party’s military-industrial complex would be significant. Heads would roll, possibly literally given China’s track record of severe punishment for officials deemed responsible for national security failures.
For the cybersecurity industry, the FlamingChina claim is a stress test of attribution and verification capabilities. The community has gotten better at analyzing breach claims, cross-referencing leaked samples against known datasets, and identifying fabricated material. But a breach of this alleged scale and classification level is different from a corporate data dump. There’s no public reference dataset to compare against. No one outside classified circles knows exactly what China’s hypersonic weapons simulations look like in file format. That makes verification extraordinarily difficult and gives both believers and skeptics ample room to argue.
Several cybersecurity firms have begun preliminary analysis of the posted samples. No major firm has yet issued a public assessment confirming or denying the data’s authenticity, though private briefings to government clients are reportedly underway. The intelligence value of even the metadata — the directory structures, project names, and organizational hierarchies implied by the file system — could be significant regardless of whether the underlying data files are genuine.
What’s clear is that this claim, real or not, has already achieved one of its objectives: attention. FlamingChina’s posting has generated enormous discussion across cybersecurity forums, Telegram channels, and social media. On X, researchers and analysts have been dissecting the posted samples, debating file authenticity, and speculating about the hacker’s identity and motives. The discourse itself is a form of information warfare — forcing China to respond, or to conspicuously not respond, while flooding the zone with uncertainty.
The precedent for mega-breaches against government targets is thin but growing. The 2015 U.S. Office of Personnel Management hack, attributed to Chinese state actors, compromised 22.1 million records including sensitive security clearance information. The SolarWinds attack in 2020, attributed to Russian intelligence, penetrated multiple U.S. government agencies. Neither approached anything close to 10 petabytes in volume, though both were devastating in their own right. If FlamingChina’s claim holds up, it would represent a quantum leap — not just in scale, but in the sensitivity of the material involved.
For now, the cybersecurity world watches and waits. The data either exists or it doesn’t. If it does, the implications for global military competition, intelligence operations, and the security of high-performance computing infrastructure are profound. If it doesn’t, the episode still exposes the fragility of trust in an era where a single anonymous posting on a criminal forum can trigger international anxiety.
Either way, the message is the same. No system is impenetrable. Not even a supercomputer.
10 Petabytes of China’s Military Secrets: Inside the Alleged Supercomputer Breach That Could Rewrite Cyber Warfare first appeared on Web and IT News.