A hacker (or hacker group) claims to have extracted more than 10 petabytes (1PB = 1000 TB) of highly sensitive information from China's National Supercomputing Center (NSCC) in Tianjin, which could be the largest known data breach involving Chinese infrastructure. Although the incident remains unverified, its nature and scale — data was stolen from 6,000 state-controlled entities — may point to a systemic weakness in China's critical infrastructure, which has serious implications, reports CNN.
The dataset is said to originate from China's National Supercomputing Center, a centralized high-performance computing facility that supports over 6,000 entities from research, industrial, and defense sectors. Indeed, the alleged content spans multiple disciplines, including aerospace engineering, bioinformatics, fusion modeling, and other fields studied using supercomputer simulations. The individual or group behind the breach, which goes by the name of FlamingChina, released a sample in a Telegram channel in February, claiming the archive contains research tied to such organizations as the Aviation Industry Corporation of China (AVIC), the Commercial Aircraft Corporation of China (COMAC), and the National University of Defense Technology.
The exposed materials include files labeled 'secret' in Chinese, along with engineering documentation, simulation results, and rendered models tied to weapons systems such as bombs and missiles, according to analysts who reviewed portions of the leak. Access to portions of the dataset is reportedly being sold for thousands of dollars in cryptocurrency, while full access is priced at hundreds of thousands of dollars.
The scale of the alleged breach raises questions about the attacker and makes the incident significant from an intelligence point of view. First, stealing 10PB of data undetected requires exceptional skills, plenty of time (six months), and dedication. Second, processing 10PB of data requires significant computing resources that are not usually available to individuals or hacking groups. Third, given those computing requirements, meaningful analysis of the dataset may be limited to governments or large organizations. Yet, researchers questioned by CNN suggested that while governments around the world may show interest in such data, some may already possess the information through other means.
According to the alleged attacker, they gained access through a compromised VPN domain, then deployed a botnet to extract data. Instead of transferring data in bulk, the attacker distributed the exfiltration across multiple systems and moved 'smaller' amounts over about six months to avoid detection. Such a method relies more on exploiting system architecture than on advanced hacking techniques, which in part helped the perpetrator to avoid detection.
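As an added example (not from the article or its sources), the sketch below shows why a per-host daily volume threshold misses the distributed, slow transfer described above, while a rolling total summed across all hosts flags it. The thresholds, host names and flow records are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed thresholds (assumptions, not values from the article).
PER_HOST_DAILY_LIMIT = 50 * 10**9   # 50 GB per host per day
FLEET_WINDOW_DAYS = 30              # rolling window length
FLEET_WINDOW_LIMIT = 20 * 10**12    # 20 TB of total egress per window

def per_host_alerts(records):
    """Classic check: flag any (day, host) whose egress exceeds the daily limit."""
    daily = defaultdict(int)
    for day, host, nbytes in records:
        daily[(day, host)] += nbytes
    return sorted(k for k, v in daily.items() if v > PER_HOST_DAILY_LIMIT)

def fleet_window_alerts(records):
    """Sum egress over all hosts in a rolling window; return the days on which
    the windowed total exceeds the fleet limit."""
    per_day = defaultdict(int)
    for day, _host, nbytes in records:
        per_day[day] += nbytes
    if not per_day:
        return []
    window, total, alerts = deque(), 0, []
    for day in range(min(per_day), max(per_day) + 1):
        window.append(per_day.get(day, 0))
        total += window[-1]
        if len(window) > FLEET_WINDOW_DAYS:
            total -= window.popleft()
        if total > FLEET_WINDOW_LIMIT:
            alerts.append(day)
    return alerts

def sample_records(days=180, hosts=40, per_host_daily=30 * 10**9):
    """Constructed sample: 40 hosts each sending 30 GB/day for 180 days."""
    return [(d, f"node{h:02d}", per_host_daily)
            for d in range(days) for h in range(hosts)]

if __name__ == "__main__":
    recs = sample_records()
    print("per-host alerts:", len(per_host_alerts(recs)))
    print("first fleet-wide alert on day:", fleet_window_alerts(recs)[0])
```

Every host in the sample stays under its own limit, so only the aggregated view surfaces the transfer.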
Although CNN could not confirm the source of the leak or whether it was real, multiple cybersecurity experts say that the samples appear authentic and match what they would expect to see from a centralized supercomputing facility. If the attack is real, the incident highlights ongoing cybersecurity weaknesses in China's critical infrastructure, which means that some of its secret technologies can end up in the hands of foreign governments or terrorist organizations that may use them to harm not only China but other countries as well.