Tuesday, August 22, 2017

An analysis of China's Military Cyber Force: PLA Third Department and its Technical Reconnaissance Bureaus

We recently published a detailed, but unclassified paper entitled "China's Military Cyber Force: PLA Third Department and its Technical Reconnaissance Bureaus". The paper is being provided at no charge. 

EXECUTIVE SUMMARY

Several elements of China’s People’s Liberation Army (PLA) General Staff Third Department have been identified by Western analysts as involved in cyber intrusions into U.S. and other foreign networks.  These include the Second and Twelfth Bureaus of the Third Department, also known as the 61398 Unit and 61486 Unit, respectively, which have been profiled by Mandiant and CrowdStrike.  The Third Department’s Technical Reconnaissance Bureaus (TRB’s) are also suspected of involvement in cyber operations.  The Chengdu Second TRB (78020 Unit) was identified by ThreatConnect/DGI in 2015 as also conducting intrusions.

Based on this information, Wapack Labs conducted research on other Third Department elements to determine their possible involvement in these cyber operations mission for China.  Third Department units were profiled based on their published academic work, which revealed a subset of elements whose research was predominantly of cyber issues rather than SIGINT-related topics.  The elements identified were:

  • Third Department Computer Center (61539 Unit) in Beijing.  This center has a network security research mission and publishes extensively on computer security issues.
  • Chengdu Military Region Second TRB (78020 Unit) in Kunming.  Identified as a cyber actor, its academic work focused almost exclusively on computer security issues.
  • Lanzhou Military Region First TRB (68002 Unit) in Lanzhou.  There were 20 personnel at this unit identified as authors on cyber topics.
  • Lanzhou Military Region Second TRB (69010 Unit) in Urumqi.  Facilities for possible cyber operations have been built at a base separate from SIGINT operations.
  • Chengdu Military Region First TRB (78006 Unit) in Chengdu.  Addresses for authors of computer articles correspond to a Headquarters base separate from SIGINT operations.

     The paper may be downloaded here. "China's Military Cyber Force: PLA Third Department and its Technical Reconnaissance Bureaus"

    As a precaution, I've implemented a 24 hour delay between sign-up and paper delivery to allow verification of the request and user. 

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)