Indictments and Leaks: Different but Complementary Sources
A case study of the i-SOON indictment and leaks shows that the information in each source may vary, but comparing and evaluating the sources against each other yields unique insights.
After the public learned of the leaked documents from the Chinese information security company i-SOON in February 2024, various media and analysts from the cyber security industry, including the Natto Team, seized the rare opportunity to uncover "the world of China’s hackers for hire". A year later, on March 5, 2025, the US Department of Justice (US DoJ) unsealed an indictment charging eight i-SOON employees and two officers of the Chinese Ministry of Public Security for alleged hacking activities from 2016 to 2023. The i-SOON indictment revealed further details on the company’s operation, particularly how i-SOON actors coordinated with the Chinese Ministry of Public Security (MPS) and Ministry of State Security (MSS).
Indictments can be valuable resources for cyber threat intelligence (CTI) analysts: they provide insights into the activities, tactics, and infrastructure of threat actors, which can be used to improve threat detection and response capabilities. Indictments also identif…


