This week marks the one-year anniversary of the i-SOON leaks1—files, chat logs, and images exposing the company's eight-year espionage effort targeting at least 20 foreign governments for China’s government agencies. Since then, threat intelligence reports, U.S. indictments and sanctions have uncovered additional contractors linked to Chinese state-sponsored operations, such as Integrity Tech (北京永信至诚科技有限公司) and Sichuan Silence (四川无声信息技术), covered by the Natto Team in reports 1, 2, and 3. All these firms appeared in the i-SOON leaks at some point, revealing a tightly connected network of business partners, competitors, clients, and exploit brokers.

Other actors, such as the Pangu Team (盘古团队) (Pangu), were also mentioned in the leaks. Known as one of China’s top white-hat hacker groups specializing in mobile system and application security, Pangu has gained global recognition since 2014 for its groundbreaking iOS jailbreaks2—downloaded tens of millions of times—and its performance in hacki…