In a landmark 2013 report, the cybersecurity firm Mandiant attributed APT1 to what was the Second Bureau of the Third Department of the People’s Liberation Army’s (PLA) General Staff Department (GSD) prior to the restructuring of China’s military initiated in 2015. The outfit is also commonly referred to by its Military Unit Cover Designator (MUCD): Unit 61398. The report bases these conclusions on matching characteristics between the observed cyber operations of APT1 and publicly-available reports on Unit 61398 regarding its mission, tools, tactics and procedures (TTPs), its scale of operations, employee requirements, geographic location, and infrastructure. As part of the 2015 military reforms, computer network exploitation and computer network attack capabilities that previously were collocated in the GSD Third Department (3PLA) and Fourth Department (4PLA) have been unified within the newly-established PLA’s Strategic Support Force (SSF). MUCDs assigned to the SSF now range between 32001 and 32099. Open-source analysis indicates that the 3PLA headquarters, as well as the Second Bureau/Unit 61398, have been transferred to the SSF Network Systems Department.