The person at the center of this case
Multiple victims including U.S. government agencies, religious organizations, foreign governments, and news organizations
Cold Case · Open
48 days waiting
AQUATIC PANDA CYBER THREAT ACTORS
Justice for Multiple victims including U.S. government agencies, religious organizations, foreign governments, and news organizations — the trail went cold in 2026, but the truth hasn't.
Start here
Key leads to think about
🎯
suspect
Lead #1How many i-Soon employees were involved in the hacking operations and what were their specific roles?
🔍
evidence
Lead #2What specific vulnerabilities and techniques did i-Soon use to compromise email accounts and government servers?
👤
person
Lead #3Which PRC MSS and MPS officials directly coordinated with i-Soon leadership?
From 2016 to 2023, the Chinese technology company Anxun (i-Soon) and its personnel allegedly engaged in widespread computer compromises directed by China's Ministry of State Security and Ministry of Public Security. The conspiracy targeted email accounts, cell phones, servers, and websites belonging to U.S. government agencies, religious organizations, foreign governments, news organizations, and PRC dissidents across the globe. The case remains under investigation as authorities work to identify all victims and hold responsible parties accountable for this extensive cyber espionage operation.
Try asking
Claim this imported case
A one-time $10 claim transfers this imported case workspace to your account. You get 10 uploads for this case, 25 daily AI questions for this case, and public tips with files route to you.
10 uploads25 AI questions/day
This does not start a subscription. When the included limits are reached, the Personal plan unlocks more workspace capacity.
More leads to consider
Beyond the top three above — each detail below could be the thread that pulls this case open.
💡
clue
Lead #4How many victims across all targeted organizations have been identified and notified?
📍
location
Lead #5Did i-Soon maintain additional operational facilities beyond Shanghai?
Have information about any of these leads?
Even the smallest detail could be the key to solving this case.
Official wording
Source Narrative
Conspiracy to Commit Computer Fraud; Conspiracy to Commit Wire Fraud Caution: From at least in or around 2016, through in or around 2023, the Chinese technology company Anxun (i-Soon) Information Technology Co., Ltd., aka “i-Soon” (“i-Soon”), and its personnel, allegedly engaged in numerous and widespread compromises of email accounts, cell phones, servers, and websites at the direction of, and in close coordination with, the People's Republic of China's (PRC) MSS and MPS. Incorporated in or around 2010, in Shanghai, China, i-Soon allegedly profited and grew as a key player in the PRC’s hacker-for-hire ecosystem.
At certain times, i-Soon had three (3) teams of employees allegedly working to attack computer systems. i-Soon employees allegedly compromised and attempted to compromise victims across the globe, including a large religious organization in the United States, critics and dissidents of the PRC government, a state legislative body, United States government agencies, the ministries of foreign affairs of multiple governments in Asia, and news organizations.
Timeline of Events
🕵️
2010
i-Soon Incorporated
Anxun (i-Soon) Information Technology Co., Ltd. incorporated in Shanghai, China
🕵️
2016
Conspiracy Period Begins
From at least 2016, i-Soon and personnel began engaging in computer compromises at direction of PRC MSS and MPS
🕵️
2023
Conspiracy Period Ends
Alleged conspiracy activities continued through approximately 2023
Key Locations
Interactive map showing important locations related to this case
Case Information
Incident:January 1, 2010
Last Updated:April 29, 2026
Leave a comment
Comments
Case Information
Incident:January 1, 2010
Last Updated:April 29, 2026