SpyLedger dossier · Mercenary spyware

i-SOON (Anxun Information Technology Co., Ltd.)

i-SOON is the trading name of Anxun Information Technology Co., Ltd., a privately held Chinese information-security and offensive-cyber contractor. It markets itself as a network-security and penetration-testing firm and develops intrusion, data-collection, and surveillance tooling. A large cache of internal documents attributed to the company was leaked publicly in early 2024, which brought attention to its business as a contract cyber-operations provider.

Headquarters: China

Products

  • Hacking-for-hire / offensive cyber intrusion services
  • Data exfiltration and network exploitation tooling
  • Commercial spyware and surveillance platforms

Government designation status

1 active designation from the surveyed authorities. Each is a public government record with a different legal effect — read the type label and scope on each.

EUSanction (asset-blocking)EU consolidated list (cyber sanctions, Council Implementing Regulation (EU) 2026/589) · 2026-03-16

Property within US jurisdiction is blocked and US persons are generally prohibited from dealings (e.g. OFAC SDN List).

Listed as an entity for an asset freeze under the EU horizontal cyber sanctions regime via Council Implementing Regulation (EU) 2026/589, for providing offensive cyber/hacking services affecting EU member states and partners. Funds and economic resources are frozen and EU persons are prohibited from making resources available to the entity.

Council of the EU — Cyber-attacks against the EU: Council sanctions three entities and two individuals (16 March 2026); Council Implementing Regulation (EU) 2026/589

i-SOON / Anxun Information Technology is NOT on any U.S. primary-government list. It is not on the OFAC SDN List, the BIS Entity List, the Treasury NS-CMIC List, or the FCC Covered List. U.S. action against the company consists of a DOJ indictment (SDNY, unsealed March 2025, charging eight i-SOON employees and two PRC Ministry of Public Security officers) and a U.S. State Department Rewards for Justice offer — neither of which is a list designation, so no U.S. designation is recorded here. The related OFAC SDN designations from January and March 2025 (Yin Kecheng; Zhou Shuai and Shanghai Heiying Information Technology Company, Ltd.) targeted individuals and a different company, not i-SOON/Anxun. The only confirmed primary-government LIST designation is the EU consolidated-list listing of 2026-03-16.

This dossier restates public government-designation records; it is not an allegation of wrongdoing by AI Analytics, and it publishes no customer-deployment claims or targeting data. A designation describes a specific legal action by a named authority — read its scope; an export control, an equipment-authorization restriction, and an asset-blocking sanction are not the same thing. To dispute or correct an entry, contact us (see the methodology). Status current as of the 2026-06-23 build — confirm against the linked primary source. Back to all vendors.