The person at the center of this case
Multiple victims including U.S. government agencies, religious organizations, foreign governments, news organizations, and PRC dissidents
Cold Case · Open
94 days waiting
AQUATIC PANDA CYBER THREAT ACTORS
Justice for Multiple victims including U.S. government agencies, religious organizations, foreign governments, news organizations, and PRC dissidents — the trail went cold in 2026, but the truth hasn't.
Start here
Key leads to think about
🎯
suspect
Lead #1What was the organizational structure and chain of command within i-Soon's three attack teams?
🔍
evidence
Lead #2What specific vulnerabilities and tools did i-Soon use to compromise email accounts and government servers?
📍
location
Lead #3Which U.S. government agencies were compromised and what sensitive information was accessed?
From 2016 to 2023, the Chinese technology company Anxun (i-Soon) and its personnel allegedly conducted widespread cyberattacks on email accounts, cell phones, servers, and websites under direction of China's MSS and MPS intelligence agencies. Targets included a major U.S. religious organization, government agencies, foreign ministries, news organizations, and PRC dissidents across the globe. The FBI seeks information about this conspiracy to commit computer fraud and wire fraud involving a sophisticated state-sponsored hacker-for-hire operation.
Try asking
Claim this imported case
A one-time $10 claim transfers this imported case workspace to your account. You get 10 uploads for this case, 25 daily AI questions for this case, and public tips with files route to you.
10 uploads25 AI questions/day
This does not start a subscription. When the included limits are reached, the Personal plan unlocks more workspace capacity.
More leads to consider
Beyond the top three above — each detail below could be the thread that pulls this case open.
👤
person
Lead #4Who are the key personnel and leadership within i-Soon responsible for directing these cyberattacks?
📞
contact
Lead #5What communications exist between i-Soon executives and PRC MSS/MPS officials coordinating the attacks?
Have information about any of these leads?
Even the smallest detail could be the key to solving this case.
Official wording
Source Narrative
Conspiracy to Commit Computer Fraud; Conspiracy to Commit Wire Fraud Caution: From at least in or around 2016, through in or around 2023, the Chinese technology company Anxun (i-Soon) Information Technology Co., Ltd., aka “i-Soon” (“i-Soon”), and its personnel, allegedly engaged in numerous and widespread compromises of email accounts, cell phones, servers, and websites at the direction of, and in close coordination with, the People's Republic of China's (PRC) MSS and MPS. Incorporated in or around 2010, in Shanghai, China, i-Soon allegedly profited and grew as a key player in the PRC’s hacker-for-hire ecosystem.
At certain times, i-Soon had three (3) teams of employees allegedly working to attack computer systems. i-Soon employees allegedly compromised and attempted to compromise victims across the globe, including a large religious organization in the United States, critics and dissidents of the PRC government, a state legislative body, United States government agencies, the ministries of foreign affairs of multiple governments in Asia, and news organizations.
Timeline of Events
📋
2010
i-Soon Incorporation
Anxun (i-Soon) Information Technology Co., Ltd. incorporated in Shanghai, China
🕵️
2016
Conspiracy Period Begins
From approximately 2016, i-Soon and personnel began coordinated cyberattacks under PRC MSS and MPS direction
🕵️
2023
Conspiracy Period Ends
Alleged conspiracy activities continued through approximately 2023
Key Locations
Interactive map showing important locations related to this case
Case Information
Incident:January 1, 2010
Last Updated:June 14, 2026
Leave a comment
Comments
Case Information
Incident:January 1, 2010
Last Updated:June 14, 2026