Six-Month Stealth Operation: Hacker Breaches China's Supercomputer
China has experienced a major hacking incident. Hackers claim to have breached one of the government's supercomputers through a six-month stealth operation. The stolen data reportedly includes highly classified defence documents, missile schematics, and military simulation designs. If proven true, this incident could be the largest data theft in the history of Chinese state facilities.

The compromised facility is the National Supercomputing Center Tianjin (NSCC). This supercomputing centre, first opened in 2009, provides computing infrastructure services to more than 6,000 clients, including high-level scientific and defence institutions. From this facility, the hackers reportedly extracted around 10 petabytes of sensitive data. For context, one petabyte is equivalent to 1,000 terabytes, so the total stolen data equates to the storage capacity of about 10,000 laptops with 1 TB capacity.

The group claims the data comes from several major NSCC clients, such as the Aviation Industry Corporation of China, the Commercial Aircraft Corporation of China, and the National University of Defence Technology. To gain full access to all the data, the perpetrators are demanding a ransom of up to hundreds of thousands of US dollars, payable in cryptocurrency.

Dakota Cary, a consultant at cybersecurity firm SentinelOne, has analysed samples of the shared data. He states that the documents appear authentic, from being labelled "secret" in Mandarin to containing technical files and defence system simulations such as bombs and missiles.

Cybersecurity researcher Marc Hofer revealed that the hackers initially gained entry through a compromised VPN (Virtual Private Network) domain. Once inside, the hackers did not immediately drain the data. They used a botnet to extract and transfer the data gradually and covertly. This strategy was effective because the perpetrators broke down the extraction process into small amounts across multiple servers, thus avoiding triggering security alerts.
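
An added illustration of why per-server volume thresholds miss this pattern (it is not from the article or from anyone named in it). The flow records are constructed, and the host names, documentation-range IP addresses and thresholds are assumptions chosen for the example. The records are checked first per host per day, then aggregated per destination across all hosts over a 30-day window.

```python
from collections import defaultdict

GB = 10**9

# Constructed sample: (day, internal_host, external_destination, bytes_out).
# Eight hosts each send 2 GB/day to one destination for 30 days; one host
# makes a single 6 GB upload to a different destination.
FLOWS = [(d, f"node{h:02d}", "203.0.113.10", 2 * GB)
         for d in range(30) for h in range(8)]
FLOWS.append((12, "node03", "198.51.100.7", 6 * GB))


def per_host_alerts(flows, daily_limit):
    """Per-server rule: one host exceeds daily_limit to one destination in one day."""
    daily = defaultdict(int)
    for day, host, dst, nbytes in flows:
        daily[(day, host, dst)] += nbytes
    return sorted(key for key, total in daily.items() if total > daily_limit)


def slow_exfil_candidates(flows, window_days, total_limit, min_hosts):
    """Aggregate rule: sum egress per destination across all hosts over a long window."""
    last_day = max(f[0] for f in flows)
    start = last_day - window_days + 1
    total = defaultdict(int)
    hosts = defaultdict(set)
    for day, host, dst, nbytes in flows:
        if day >= start:
            total[dst] += nbytes
            hosts[dst].add(host)
    # Flag destinations fed by many hosts whose combined volume is large,
    # even though no single host-day ever looked unusual.
    return {dst: (total[dst], len(hosts[dst]))
            for dst in total
            if total[dst] > total_limit and len(hosts[dst]) >= min_hosts}


if __name__ == "__main__":
    # The per-host rule only sees the one-off 6 GB upload.
    print("per-host alerts:", per_host_alerts(FLOWS, 5 * GB))
    # The aggregate rule surfaces the destination receiving 480 GB from 8 hosts.
    for dst, (nbytes, n) in slow_exfil_candidates(FLOWS, 30, 100 * GB, 3).items():
        print(f"aggregate: {dst} received {nbytes // GB} GB from {n} hosts")
```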

According to Dakota Cary, the method may not be highly sophisticated technically, but it is very clever in terms of attack architecture.

This is not the first such case for China. In 2021, a database containing personal data of around 1 billion Chinese citizens was reportedly exposed for over a year. That leak was only discovered after the data was sold on a hacker forum in 2022.

To date, neither China's Ministry of Science and Technology nor the Cyberspace Administration of China (CAC) has issued an official statement regarding the alleged breach of NSCC Tianjin.