
Six-Month Silent Operation: Hacker Breaches China's Supercomputer to Steal Military Data

Source: KOMPAS (translated from Indonesian) | Technology

A major hacking incident has struck China. Hackers claim to have breached one of the Chinese government’s supercomputers through a silent operation lasting six months. The stolen data reportedly includes highly classified defence documents, missile schematics, and military simulation designs. If proven true, this incident could be the largest data theft in the history of Chinese state facilities.

The compromised facility is the National Supercomputing Center Tianjin (NSCC). This supercomputing centre, first opened in 2009, provides computing infrastructure services to over 6,000 clients, including high-level scientific and defence institutions. From this facility, the hackers reportedly extracted around 10 petabytes of sensitive data. For context, one petabyte equals 1,000 terabytes, so the total stolen data equates to the storage capacity of about 10,000 laptops with 1 TB capacity.

The group claims the data comes from several major NSCC clients, such as the Aviation Industry Corporation of China, the Commercial Aircraft Corporation of China, and the National University of Defense Technology. To gain full access to all the data, the perpetrators are said to have demanded a ransom of up to hundreds of thousands of US dollars, payable in cryptocurrency.

Dakota Cary, a consultant at cybersecurity firm SentinelOne, has analysed samples of the shared data. He states that the documents appear authentic, from those labelled “secret” in Mandarin to those containing technical files and defence system simulations such as bombs and missiles.

Cybersecurity researcher Marc Hofer revealed that the hackers initially entered through a compromised VPN (Virtual Private Network) domain. Once inside, the hackers did not immediately drain the data. They utilised a botnet to extract and transfer the data gradually and covertly. This strategy was effective because the perpetrators broke the extraction process into small amounts across multiple servers, thus avoiding triggering security alerts. According to Dakota Cary, the method may not be highly sophisticated technically but is very clever in terms of attack architecture.

This is not the first such case for China. In 2021, a database containing personal data of around 1 billion Chinese citizens was reportedly exposed for over a year. That leak was only discovered after the data was sold on hacker forums in 2022.

To date, neither China’s Ministry of Science and Technology nor the Cyberspace Administration of China (CAC) has issued an official statement regarding the alleged breach of NSCC Tianjin.
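
The article says the extraction stayed under alert thresholds because it was split into small amounts across multiple servers. The sketch below is an example added here for defenders, not material from KOMPAS or the researchers quoted: it shows why a per-host daily egress rule misses that pattern while a whole-window total per destination catches it. The thresholds, host names, documentation-range addresses and flow records are all constructed assumptions.

```python
from collections import defaultdict

GB = 10**9
PER_FLOW_DAILY_LIMIT = 5 * GB   # assumed: classic per-host, per-day egress alert
WINDOW_LIMIT = 50 * GB          # assumed: budget for one grouping over the window

def constructed_flows(days=7):
    """Constructed sample records: (day, internal_host, external_dest, bytes_out)."""
    flows = []
    for day in range(days):
        for n in range(6):  # six nodes each drip 2 GB/day to one collector
            flows.append((day, f"node{n:02d}", "203.0.113.10", 2 * GB))
        flows.append((day, "web01", "192.0.2.5", GB // 2))  # ordinary traffic
    flows.append((3, "backup01", "198.51.100.7", 8 * GB))   # one loud burst
    return flows

def per_flow_alerts(flows):
    """Naive rule: one host sends too much to one destination in one day."""
    daily = defaultdict(int)
    for day, host, dest, size in flows:
        daily[(day, host, dest)] += size
    return {k for k, total in daily.items() if total > PER_FLOW_DAILY_LIMIT}

def slow_drip_alerts(flows, field):
    """Sum egress over the whole window, grouped by 'host' or 'dest'.

    Returns {group: (total_bytes, distinct_peers)} for groups whose cumulative
    total exceeds WINDOW_LIMIT although no single day tripped the naive rule.
    """
    loud = per_flow_alerts(flows)
    totals, peers = defaultdict(int), defaultdict(set)
    for day, host, dest, size in flows:
        if (day, host, dest) in loud:
            continue  # already covered by the naive rule
        key, peer = (host, dest) if field == "host" else (dest, host)
        totals[key] += size
        peers[key].add(peer)
    return {k: (totals[k], len(peers[k])) for k in totals if totals[k] > WINDOW_LIMIT}

if __name__ == "__main__":
    flows = constructed_flows()
    print("per-flow alerts:", per_flow_alerts(flows))
    print("slow drip by destination:", slow_drip_alerts(flows, "dest"))
    print("slow drip by host:", slow_drip_alerts(flows, "host"))
```

Grouping by destination only works when the traffic converges on a small set of collectors; where the receiving side is also spread out, the same function grouped by host, or by destination network, is the view to watch.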
