Multiple victims including U.S. government agencies, religious organizations, foreign governments, news organizations, and PRC dissidents


Case #937
Source: FBI Wanted · Updated Mar 15, 2026
Federal Bureau of Investigation (FBI)
Cold Case · Open

AQUATIC PANDA CYBER THREAT ACTORS

Justice for multiple victims, including U.S. government agencies, religious organizations, foreign governments, news organizations, and PRC dissidents — the trail went cold in 2026, but the truth hasn't.


Key leads to think about

Lead #1 (suspect): What was the organizational structure of i-Soon's three attack teams and how were they coordinated?

Lead #2 (evidence): What specific vulnerabilities and techniques did i-Soon exploit across email, mobile, and server systems?

Lead #3 (person): Which i-Soon personnel held leadership roles and direct communication with PRC MSS and MPS officials?

From 2016 to 2023, the Chinese technology company Anxun (i-Soon) and its personnel allegedly conducted widespread cyberattacks on email accounts, cell phones, servers, and websites under the direction of China's MSS and MPS intelligence agencies. Targets included a major U.S. religious organization, government agencies, foreign ministries across Asia, news organizations, and PRC dissidents and critics. The case remains under investigation as authorities work to hold accountable those responsible for this coordinated state-sponsored hacking campaign.


More leads to consider

Beyond the top three above — each detail below could be the thread that pulls this case open.

Lead #4 (location): How many distinct targets were compromised globally and what was the geographic distribution of attacks?

Lead #5 (clue): What financial transactions and profit flows can be traced between i-Soon and PRC government agencies?


Official wording

Source Narrative

Conspiracy to Commit Computer Fraud; Conspiracy to Commit Wire Fraud

Caution: From at least in or around 2016, through in or around 2023, the Chinese technology company Anxun (i-Soon) Information Technology Co., Ltd., aka “i-Soon” (“i-Soon”), and its personnel, allegedly engaged in numerous and widespread compromises of email accounts, cell phones, servers, and websites at the direction of, and in close coordination with, the People's Republic of China's (PRC) MSS and MPS. Incorporated in or around 2010, in Shanghai, China, i-Soon allegedly profited and grew as a key player in the PRC’s hacker-for-hire ecosystem.

At certain times, i-Soon had three (3) teams of employees allegedly working to attack computer systems. i-Soon employees allegedly compromised and attempted to compromise victims across the globe, including a large religious organization in the United States, critics and dissidents of the PRC government, a state legislative body, United States government agencies, the ministries of foreign affairs of multiple governments in Asia, and news organizations.

Timeline of Events

2010: i-Soon Incorporated
Anxun (i-Soon) Information Technology Co., Ltd. incorporated in Shanghai, China

2016: Conspiracy Period Begins
From at least 2016, i-Soon allegedly began coordinated cyberattacks under PRC MSS and MPS direction

2023: Conspiracy Period Ends
Alleged coordinated cyberattack campaign continued through approximately 2023


Case Information

Incident: January 1, 2010
Last Updated: May 13, 2026
