China's Supercomputer Hacked, Military Secrets and Missile Schematics Suspected Leaked

A major hacking case has rocked China. A hacker claims to have breached one of the Chinese government’s supercomputers and stolen highly sensitive data. The information allegedly stolen includes secret defence documents, missile blueprints, and military simulations. If these claims are verified, the incident could rank as one of the largest data thefts from a state facility in China. The targeted facility is the National Supercomputing Center (NSCC) in Tianjin. This supercomputing centre, operational since 2009, plays a crucial role by serving over 6,000 clients across China, including scientific institutions and strategic defence agencies. From this centre, the perpetrator reportedly extracted around 10 petabytes of sensitive data. For context, 1 petabyte equals 1,000 terabytes, meaning the total data stolen is roughly equivalent to the storage capacity of 10,000 laptops each with 1 TB of storage. This illustrates the massive scale of the alleged leak. The hacker’s claims indicate the data originates from key NSCC clients, such as the Aviation Industry Corporation of China, the Commercial Aircraft Corporation of China, and the National University of Defense Technology. To grant full access to all the secret directories under their control, the group is said to be demanding a ransom of hundreds of thousands of US dollars, payable in cryptocurrency. Dakota Cary, a cybersecurity consultant from SentinelOne specialising in the China region, states that the circulating samples appear convincing. The documents reportedly include files labelled secret in Mandarin, technical documents, and simulations of defence equipment such as bombs and missiles. How could such a critical system be breached? According to Marc Hofer, a cybersecurity researcher who communicated with the perpetrators via Telegram, the attack began with a compromised VPN domain. Once inside, the hackers did not drain the data all at once. They used a botnet to extract, download, and store the data gradually and covertly. The process of stealing 10 petabytes of data reportedly lasted about six months without detection by the NSCC’s security systems. Dakota Cary assesses that the method employed is not particularly complex technically but is clever strategically. By breaking down the data retrieval into small amounts across multiple different servers, the perpetrators successfully avoided triggering security alarms. This case once again highlights cybersecurity issues in China. Amid the country’s ambitions to lead in global AI innovation and compete with the United States, data protection remains a frequent weak point, both in government environments and the private sector. Previously, China has also suffered major data leaks. In 2021, a database containing personal information on around one billion citizens was reportedly exposed for over a year. That leak only became public knowledge after an anonymous user offered it on a hacker forum in 2022. As of this report, neither China’s Ministry of Science and Technology nor the Cyberspace Administration of China (CAC) has issued an official statement regarding the alleged breach of NSCC Tianjin.