Skip to content

APT Profile – APT 1

Demonstrating the Cumulative Effects of Cyber Operations

About APT 1

In a landmark 2013 report, the cybersecurity firm Mandiant attributed APT1 to what was the Second Bureau of the Third Department of the People’s Liberation Army’s (PLA) General Staff Department (GSD) prior to the restructuring of China’s military initiated in 2015. The outfit is also commonly referred to by its Military Unit Cover Designator (MUCD): Unit 61398. The report bases these conclusions on matching characteristics between the observed cyber operations of APT1 and publicly-available reports on Unit 61398 regarding its mission, tools, tactics and procedures (TTPs), its scale of operations, employee requirements, geographic location, and infrastructure. As part of the 2015 military reforms, computer network exploitation and computer network attack capabilities that previously were collocated in the GSD Third Department (3PLA) and Fourth Department (4PLA) have been unified within the newly-established PLA’s Strategic Support Force (SSF). MUCDs assigned to the SSF now range between 32001 and 32099. Open-source analysis indicates that the 3PLA headquarters, as well as the Second Bureau/Unit 61398, have been transferred to the SSF Network Systems Department.

Associated APT designations

Country of origin

Period of activity


More APT profiles

  • Research and Analysis
APT Profile – UNC1151

May 25, 2023
Technical and contextual characteristics of the UNC1151 group are analysed in this APT Profile from the EuRepoC team
Load More

End of Content.

Welcome to our Cyber Incident Dashboard!

For best results, please view on a desktop device.