Hey, it wasn't us! We swear! Blame, er ... "FlamingChina," a hacker group that discovered just how poor Beijing's opsec in cyberspace actually is.
Or so CNN reports, anyway. Frankly, this sounds like an Uno reverse replay of the Barack Obama years, when China exploited government and commercial systems as though we used the public library as our storage systems for sensitive data:
A hacker has allegedly stolen a massive trove of sensitive data – including highly classified defense documents and missile schematics – from a state-run Chinese supercomputer in what could potentially constitute the largest known heist of data from China.
The dataset, which allegedly contains more than 10 petabytes of sensitive information, is believed by experts to have been obtained from the National Supercomputing Center (NSCC) in Tianjin – a centralized hub that provides infrastructure services for more than 6,000 clients across China, including advanced science and defense agencies.
Cyber experts who have spoken to the alleged hacker and reviewed samples of the stolen data they posted online say they appeared to gain entry to the massive computer with comparative ease and were able to siphon out huge amounts of data over the course of multiple months without being detected.
The Uno-reverse context may be the most interesting part of this story. China has conducted an aggressive campaign of cyberattacks for well over a decade; the hack into the Office of Personnel Management in 2015 was just the first success on a scale large enough to grab everyone's attention. Beijing also forces commercial companies to allow access to corporate data as a condition of operating within China, which the US has long opposed but done very little to stop. As late as last year, the New York Times warned repeatedly that AI systems had allowed Chinese intelligence to ramp up hacking, that their spies routinely exploited other commercial software as hacking platforms, and that Beijing had accumulated data on "almost every American."
One would think that a regime this focused on cyberespionage would understand the need to play some defense as well as offense. Apparently not.
At least for the moment, this does not appear to be state-based espionage. CNN reports that FlamingChina, the group taking credit for the hack, wants to sell access to the material. They want payment via crypto, in fact, and are willing to sell portions for four figures but want six figures for access to the full dataset. State-based intelligence agencies don't usually operate like that; in fact, they don't usually offer access at all, except to their own organizations and allies. Even if we charged for that data, we'd overprice it. The CIA wants to make sure Chuck Schumer doesn't cut off their funding, after all.
It's one thing to claim that you're selling the PRC's Greatest Hits Double Album; it's another to deliver the goods. Is this really on the level? CNN's experts think this is the real deal:
CNN cannot verify the origins of the alleged dataset and the claims made by FlamingChina, but spoke with multiple experts whose initial assessment of the leak indicated it was genuine.
The alleged sample data appeared to include documents marked “secret” in Chinese, along with technical files, animated simulations and renderings of defense equipment including bombs and missiles.
“They’re exactly what I would expect to see from the supercomputing center,” said Dakota Cary, a consultant at cybersecurity firm SentinelOne who focuses on China and has reviewed the samples placed online from the alleged hack.
The scope of the hack is astonishing, too. A petabyte is 1,000 terabytes, 1,000,000 gigabytes, and 1,000,000,000 megabytes. Hackers exfiltrated 10 times that amount of data without being detected. How did hackers steal ten petabytes of data without being discovered? NDTV World suggests a lengthy and sophisticated process designed to fly under the cybersecurity radar:
Preliminary analysis suggests that the breach may not have relied on highly sophisticated techniques but instead exploited weaknesses in system architecture. The attacker claimed to have gained access through a compromised VPN domain and used automated tools to systematically extract data over a six-month period.
The attacker minimised detection risk by distributing extraction across multiple systems, making it harder to spot small data transfers. "Somebody on the defensive side is less likely to notice small amounts of data leaving the system," Cary explained. He noted this method, though effective, isn't especially innovative.
If confirmed, the incident could expose deeper structural vulnerabilities in China's digital infrastructure, particularly at a time when the country is striving to strengthen its position in advanced technology and artificial intelligence.
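The detection-side counterpart to the technique NDTV describes (many small transfers, spread across hosts, each too small to trip a per-transfer alarm), written here as an added example that is not from the article or any of the quoted experts. It reads outbound flow records and sums bytes per external destination per calendar day across all internal sources, so that transfers kept individually small still surface in the aggregate. Every host name, address, volume and threshold below is constructed for illustration.

```python
"""Aggregate-volume detection for "low and slow" exfiltration.

A per-flow size rule alone misses an attacker who keeps each transfer small
and spreads the work across many hosts. Summing per destination per day
across all sources recovers the signal. All data here is constructed.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

MB = 1024 * 1024
GB = 1024 * MB


@dataclass(frozen=True)
class Flow:
    ts: datetime      # flow start time
    src: str          # internal host name
    dst: str          # external destination address
    bytes_out: int    # bytes sent from src to dst


def build_sample_flows() -> list[Flow]:
    """Constructed flow log: six hosts each push 40 MB per hour to one
    destination for 24 hours (no single flow is large), plus two benign
    flows: a small update fetch and one big single backup upload."""
    base = datetime(2026, 1, 1)
    flows: list[Flow] = []
    for hour in range(24):
        for i in range(6):
            flows.append(Flow(base + timedelta(hours=hour), f"node-{i:02d}",
                              "203.0.113.10", 40 * MB))
    flows.append(Flow(base + timedelta(hours=3), "node-00", "198.51.100.5", 12 * MB))
    flows.append(Flow(base + timedelta(hours=5), "node-07", "198.51.100.9", 3 * GB))
    return flows


def largest_flow_to(flows: list[Flow], dst: str) -> int:
    """Largest single flow to dst: what a per-flow rule would judge on."""
    return max((f.bytes_out for f in flows if f.dst == dst), default=0)


def aggregate_by_destination(flows: list[Flow]):
    """Sum bytes per (dst, calendar day) and record the contributing hosts."""
    totals: dict[tuple[str, object], int] = defaultdict(int)
    sources: dict[tuple[str, object], set[str]] = defaultdict(set)
    for f in flows:
        key = (f.dst, f.ts.date())
        totals[key] += f.bytes_out
        sources[key].add(f.src)
    return totals, sources


def detect(flows: list[Flow], per_flow_limit: int = 100 * MB,
           aggregate_limit: int = 1 * GB, min_hosts: int = 3) -> list[tuple]:
    """Return alerts as tuples. Two rules run side by side:
    - large_single_flow: one transfer above per_flow_limit (the classic rule)
    - low_and_slow_aggregate: daily total to one destination above
      aggregate_limit, built from at least min_hosts distinct sources."""
    alerts: list[tuple] = []
    for f in flows:
        if f.bytes_out > per_flow_limit:
            alerts.append(("large_single_flow", f.dst, f.src, f.bytes_out))
    totals, sources = aggregate_by_destination(flows)
    for (dst, day), total in totals.items():
        hosts = sources[(dst, day)]
        if total > aggregate_limit and len(hosts) >= min_hosts:
            alerts.append(("low_and_slow_aggregate", dst, sorted(hosts), total))
    return alerts


if __name__ == "__main__":
    sample = build_sample_flows()
    # No flow to 203.0.113.10 exceeds the per-flow limit, yet the daily
    # aggregate across six hosts is several gigabytes.
    print("largest single flow to 203.0.113.10:",
          largest_flow_to(sample, "203.0.113.10") // MB, "MB")
    for alert in detect(sample):
        print(alert)
```

The fixed thresholds are placeholders; in production the aggregate limit would come from a per-destination baseline, and a hit on the aggregate rule is worth correlating with the access path (here, the VPN entry point the attacker claimed to use) rather than treated as a standalone signal.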
It also exposes some naive practices by a supposed world power in cyberspace. Why would China allow all of that data to accumulate in one node? How did they miss those access attempts and data transfers? China's cyberwarfare groups are military in nature, not bureaucratic. This suggests a lack of discipline and training that doesn't speak well of the potential performance of other aspects of its military if put to the test.
It also raises the question that China will ask itself obsessively over the next few months: Was FlamingChina the first hackers to access this data, or just the first to go public? If this group could exfiltrate ten terabytes of data from its supercomputer using "[not] especially innovative techniques," how many others have already robbed them blind? Those are questions the US had to ask itself after the OPM hack, too. Welcome to the party, pals.
