# [[PLA Unit 61398]] (Integrated into [[PLA Cyberspace Force]])
## Executive Profile (BLUF)
* [[PLA Unit 61398]] (widely tracked as [[APT1]] or Comment Crew) is a premier cyber warfare entity historically operating under the [[People's Liberation Army]] (PLA). Originally infamous for conducting massive intellectual property theft against Western corporations, the unit's mandate and structure have been radically transformed over the past decade. Following the April 2024 dissolution of the [[Strategic Support Force]] (SSF), the unit's remnants and operational functions have been fully absorbed by the newly established, independent [[PLA Cyberspace Force]]. Its modern posture has pivoted away from economic espionage towards direct military battlefield preparation, strategic network disruption, and securing "Information Dominance" (制信息权) for the Chinese state.
## Grand Strategy & Strategic Objectives
* **Information Dominance:** The core doctrinal objective guiding the unit's current iteration is the establishment of absolute superiority in the electromagnetic and cyber domains. The goal is to achieve the pre-emptive or simultaneous paralysis of adversary command, control, communications, computers, intelligence, surveillance, and reconnaissance (C4ISR) networks during the opening phases of a kinetic conflict.
* **Strategic Re-tasking & Battlefield Preparation:** Following its public exposure in 2013 and the subsequent elevation of the [[Ministry of State Security]] (MSS) as China's primary economic espionage actor, the PLA's cyber elements have been re-tasked. The strategic focus has shifted from civilian intellectual property theft to prepositioning persistent access within adversary critical military and civilian infrastructure (e.g., energy, water, logistics) to deter or disrupt foreign intervention in regional flashpoints, particularly concerning [[Taiwan]] or the [[South China Sea]].
## Capabilities & Power Projection
* **Kinetic/Military:** While strictly a non-kinetic force, the unit acts as a vital enabler for conventional military branches (such as the [[PLA Rocket Force]] and [[PLA Air Force]]). By blinding early warning radars and disrupting anti-aircraft networks via cyber-physical attacks, it directly facilitates kinetic power projection.
* **Intelligence & Cyber:** The unit possesses world-class Advanced Persistent Threat (APT) capabilities. Historically reliant on spear-phishing and custom malware, its contemporary operations—under the [[PLA Cyberspace Force]]—heavily utilise zero-day exploits, "living off the land" (LOTL) techniques, and complex supply chain compromises to maintain deep, stealthy persistence in secure networks without triggering defensive heuristics.
* **Cognitive & Information Warfare:** The unit synergises its network disruption operations with the [[PLA Information Support Force]] and civilian agencies to execute the PLA's "Three Warfares" doctrine. This involves exploiting network blackouts or compromised communication channels to inject psychological operations (PsyOps) and disinformation, thereby degrading adversary decision-making and public morale.
## Network & Geopolitical Alignment
* **Primary Allies/Proxies:**
    * [[Ministry of State Security]] (MSS) - Operates in a strict division of labour with the PLA; the MSS manages economic espionage and domestic dissent, while the PLA focuses on military and strategic targets.
    * [[PLA Aerospace Force]] - Works in tandem to ensure joint dominance over satellite communications and space-based assets.
    * State-affiliated civilian contractors and "patriotic hacker" collectives, which provide supplementary vulnerability research and plausible deniability.
* **Primary Adversaries:**
    * [[United States Cyber Command]] (USCYBERCOM) and the [[National Security Agency]] (NSA) - The primary strategic and technical adversaries.
    * [[Taiwan Ministry of National Defence]] - The primary regional target for continuous reconnaissance and battlefield preparation.
    * [[India]] - Targeted for espionage regarding border infrastructure and defence research, particularly following the Galwan Valley skirmishes.
## Leadership & Internal Structure
* **State Command Structure:** Historically managed by the 2nd Bureau of the General Staff Department's 3rd Department (3PLA), the unit's operational command was entirely overhauled during the April 2024 military reforms. Command is now highly centralised, running directly from the [[Central Military Commission]] (CMC)—chaired by [[Xi Jinping]]—through the independent [[PLA Cyberspace Force]].
* **Physical Footprint:** The unit's historical locus of operations was geolocated to a highly secure, 12-storey facility off Datong Road in the Pudong district of [[Shanghai]]. While the technical infrastructure has likely decentralised since its exposure, this facility remains emblematic of PLA cyber infrastructure.
* **Vulnerabilities:** The catastrophic operational security failures that led to the 2013 Mandiant exposure and 2014 US Department of Justice indictments forced a decade of internal purges and restructuring. Currently, the primary internal friction stems from intense inter-agency rivalry with the [[MSS]] for state funding, access to premium zero-day vulnerabilities, and the recruitment of top-tier civilian cyber talent.