Anxun

Threat Actor updated 3 months ago (2024-11-29T14:04:20.354Z)
Download STIX
Preview STIX
Anxun Information Technology Co., also known as iSoon, has been identified as a significant threat actor in the realm of cybersecurity. A data leak revealed on February 18, 2024, disclosed the company's strong ties to the Chinese government through various contracts. This leak, which originated from an anonymous source and was posted on Github, exposed Anxun's role as a private industry contractor for the Chinese Ministry of Public Security (MPS). The leaked information confirmed suspicions about China's state-sponsored cyber espionage operations, with Anxun playing a crucial part. The leaked data included various details that shed light on Anxun's deceptive practices and internal issues. Links 0-1 discuss how the company deceived the national security agency, while links 2-10 reveal a series of employee complaints. Furthermore, links 11-13 present information regarding Anxun’s financial problems. These insights show a company dealing with internal strife and unethical practices, even as it engages in activities detrimental to national and international cybersecurity. Moreover, the data leak unveiled Anxun's extensive infiltration into overseas government departments, including those of India, Thailand, Vietnam, South Korea, NATO, and others, as discussed in links 39 to 60. Chat records between Anxun’s top boss Wu Haibo and his second boss Chen Cheng, found in link 14, provided further evidence of the company's illicit activities. It was also revealed that Anxun executives used a combination of late-night parties, alcohol, women, and loyalty to party ideology to woo government officials and secure lucrative contracts. This combination of domestic and international deception highlights Anxun's status as a serious threat actor in global cybersecurity.
Description last updated: 2024-10-17T12:20:50.581Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
I-Soon is a possible alias for Anxun. i-Soon, also known as Anxun, is a threat actor identified as a private industry contractor for the Chinese Ministry of Public Security (MPS). The company has recently been implicated in a massive data leak that surfaced on Github. As elaborated by Tom Uren and Catalin Cimpanu, i-Soon frequently init
4
ISOON is a possible alias for Anxun. The iSoon campaign, a series of related activities with a unified goal, was centered around the Shanghai Anxun Information Technology (Anxun; aka iSOON), a key Chinese InfoSec vendor. This campaign saw a significant leak of information that put the spotlight on China's growing hacking industry. The
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Chinese
ISOON
State Sponso...
Data Leak
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The APT27 Threat Actor is associated with Anxun. APT27, also known as Emissary Panda or Iron Taurus, is a threat actor suspected to be associated with China and has been involved in cyber operations primarily aimed at intellectual property theft. The group targets organizations globally, including those in North and South America, Europe, and the Unspecified
2
Source Document References
Information about the Anxun Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more