Alleged Exfiltration of >10 PB Sensitive Military & Aerospace Data from China’s National Supercomputing Center
What Happened — A group calling itself “FlamingChina” claims to have stolen more than 10 petabytes of highly classified military, aerospace, bio‑informatics and fusion research from China’s National Supercomputing Center (NSCC) in Tianjin. The data was allegedly exfiltrated over several months and samples are now being sold on underground channels.
Why It Matters for TPRM —
- Exposure of state‑level research can give adversaries strategic insight and increase geopolitical risk for any organization that partners with Chinese research or cloud providers.
- The breach highlights the difficulty of monitoring massive data‑flow environments, a concern for any third‑party that handles large‑scale scientific or defense workloads.
- Potential sanctions, export‑control scrutiny, and supply‑chain disruptions may affect vendors that rely on Chinese high‑performance computing resources.
Who Is Affected — Government & defense agencies, aerospace manufacturers, biotech research institutions, and any enterprise that consumes NSCC’s high‑performance computing services.
Recommended Actions —
- Review contracts and data‑handling clauses with Chinese HPC providers.
- Verify that data‑loss‑prevention (DLP) and network‑traffic monitoring are in place for any cross‑border data transfers.
- Assess geopolitical risk and consider diversification of critical workloads to alternative, vetted cloud or on‑premise HPC platforms.
Technical Notes — The attack vector has not been publicly disclosed; experts note the breach appeared “with relative ease,” suggesting possible mis‑configuration or insider facilitation. No specific CVEs were cited. Data types include classified missile designs, fighter‑jet telemetry, and proprietary bio‑informatics datasets. Source: Security Affairs