About two months ago we saw a sales announcement on a dark web forum by a hacker that goes by the name of “airborneshark1". It offered a massive data set of 10 Petabyte that was apparently extracted from the National Super Computer Center of China ( NSCC ) in Tianjin. It was re-upped again a few days ago, probably to drive up the bidding process. The first post offered still the possibility to just take a peek at the complete list of “obtained” datasets, for measly 3000 USD ( its only to take a look at the menu so to speak ). This time around it’s “all in” and it goes to the highest bidder.
The group that has conducted the "hack” calls itself "Flaming China”. Their Telegram Channel seems to be existing since early Feb. Doubtful this is a permanent group and rather an alias.
We have written on it in February on X a little but thought it might be a good idea to revisit it now, as it seems to pick up traction online again. Just as a disclaimer, we are not military weapons experts, so we leave the judgement of the data to better suited accounts.
The NSCC is a massive, government owned data center that provides academic institutions, SOEs and other partner organizations, resources to run very complex digital simulations. Weather pattern analysis, world-models, complex physical simulations…all of that.
Now, this data center of course is also heavily facilitated by the military and their contractors and R&D partners, to run challenging technical virtualization processes.
We could take a look at the sample data they originally leaked back in February. And although much of it was quite technical and above our pay-grade, we would say that at least the data they shared, was genuine.
Did they truly get 10 PB !? We don't know. To extract such an amount of data means, you have to be lodged in the system over a longer period of time. Most likely with the help of someone from the inside. Even if the cyber security is a little bit shoddy, eventually someone probably would notice a constant data extraction process of this size.
Either way, if the whole dataset is real or if they just extracted some and trying to inflate the price by claiming they have more is hard to tell at this stage. But the hackers/leaker left us with some sample data, so lets look at that !
Let us dig into the juicy parts, the leaked sample data. It is a wild mix, therefore we will only talk about some of the more interesting aspects here. Overall it was a few GB of data in the sample set ( from a 10PB full set ).
To show that they were truly in the system, the hackers released a bunch of screenshots of the internal system directory layout, user credentials etc. That is fairly usual, to eliminate any reasonable doubt that the hack actually took place.
The data ranges from PDF's of reports and handbooks, to very technical files that hold radar test data but also renderings of physics simulations, series of test calculations etc.
One aspect that the NSCC has been extensively used for is to simulate the effect of payloads and weapon systems against certain targets and materials. Mainly to collect high damage data for further R&D etc. Many of the documents are also rather recent from 2024 and 2025.
The data from above seems from unclassified documents but the sample set also had a document labeled “秘密*10年" (classified for a time period of 10 years).
This document was an extensive testing report of a bunker buster ammunition, from 2025. It holds physical models of a HIMARS truck ( a system recently acquired by Taiwan ), its armor and other components to include in the virtual target simulation, as well as an aircraft carrier and several bunker setups.
They even included a little, animated simulation video probably created during a test series.
Further there is data from a radar system. We were able to visualizing it, though we are not 100% what we are looking at. Maybe a cloud pattern analysis of a weather radar !?
There are several other datasets in the sample as well, including a system called "stealth” that seems to be data for a SurroOpt setup. The only identifier of anything "stealthy” was a reference to the X-47B stealth drone of the US and a lot of technical tables etc. We are just humble cyber sec enthusiasts and if anyone with a aeronautic engineering degree is interested, reach out.
What can we say about this leak ? Well, it seems it is real, at least judging by the sample data. We can't speak for the full set of course and we didn't go through ALL sets in the samples either. Especially the more obscure binaries and simulation data is something we not always could figure out, as we are not engineers or physicists specialized in virtual simulations.
But assuming the leak is real, this was a well planned operation. The data must have been extracted over a very long period of time, as mentioned above, while storing it is also not the most straight forward process.
The actors apparently had enough time to thoroughly explore the data-center's clusters and storage infrastructure, laterally gaining access to more and more components. This was not a smash-and-grab job. When the 10PB size is correct, that might have been the lion share of all the data stored on the NSCC servers. We can't speak of the cyber security setup of the NSCC but it raises the question how an attacker can extract data of such a size without being discovered. This could explain that this might have been an inside job all along.
Though we don't want to feed conspiracies but it should be noted that just a few weeks later, the Chinese Academy of Sciences expelled a few high ranking members. All involved in high level R&D of military equipment it seems. Among them heavy hitters like Yang Wei, chief designers of the J-20. China's new stealth fighter.
March 25th 2026 update:
