Find a Security Clearance Job!

Intelligence


Third Department

The Third Department of the General Staff Headquarters is responsible for monitoring the telecommunications of foreign armies and producing finished intelligence based on the military information collected.

The communications stations established by the Third Department of the PLA General Staff Headquarters are not subject to the jurisdiction of the provincial military district and the major military region of where they are based. The communications stations are entirely the agencies of the Third Department of the PLA General Staff Headquarters which have no affiliations to the provincial military district and the military region of where they are based. The personnel composition, budgets, and establishment of these communications stations are entirely under the jurisdiction of the Third Department of the General PLA General Staff Headquarters, and are not related at all with local troops.

China maintains the most extensive SIGINT network of all the countries in the Asia-Pacific region. SIGINT systems include several dozen ground stations, half a dozen ships, truck-mounted systems, and airborne systems. Third Department headquarters is located in the vicinity of the GSD First Department (Operations Department), AMS, and NDU complex in the hills northwest of the Summer Palace. The Third Department (zongcan sanbu) is allegedly manned by approximately 20,000 personnel, with most of their linguists trained at the Luoyang Institute of Foreign Languages.

Ever since the 1950's, the Second and Third Departments of the PLA General Staff Headquarters have established a number of institutions of secondary and higher learning for bringing up "special talents."

The PLA Foreign Language Institute at Luoyang comes under the Third Department of the General Staff Department and is responsible for training foreign language cadres for the monitoring of foreign military intelligence. The Institute was formed from the PLA "793" Foreign Language Institute, which moved from Zhangjiakou after the Cultural Revolution and split into two institutions at Luoyang and Nanjing.

Though the distribution order they received upon graduation indicated the "PLA General Staff Headquarters," many of the graduates of these schools found themselves being sent to all parts of the country, even to remote and uninhabited backward mountain areas. The reason is that the monitoring and control stations under the Third Department of the PLA General Staff Headquarters are scattered in every corner of the country.

The communications stations located in the Shenzhen base of the PLA Hong Kong Garrison started their work long ago. In normal times, these two communications stations report directly to the Central Military Commission and the PLA General Staff Headquarters. Units responsible for coordination are the communications stations established in the garrison provinces of the military regions by the Third Department of the PLA General Staff Headquarters.

By taking direct command of military communications stations based in all parts of the country, the CPC Central Military Commission and the PLA General Staff Headquarters can not only ensure a successful interception of enemy radio communications, but can also make sure that none of the wire or wireless communications and contacts among major military regions can escape the ears of these communications stations, thus effectively attaining the goal of imposing a direct supervision and control over all major military regions, all provincial military districts, and all group armies.

On Monday, June 9, 2014, CrowdStrike publicly released a report on a group called Putter Panda, a cyber espionage actor that conducts operations from Shanghai, China, likely on behalf of the Chinese People’s Liberation Army (PLA) 3rd Department 12th Bureau Unit 61486. CrowdStrike was founded by former senior executives at big antivirus company McAfee, now part of Intel. It has contracts and other ties to the U.S. government.

Putter Panda is a determined adversary group, conducting intelligence-gathering operations targeting the Government, Defense, Research, and Technology sectors in the United States, with specific targeting of space, aerospace, and communications. Putter Panda is a cyber espionage actor that conducts operations from Shanghai, China, likely on behalf of the Chinese People’s Liberation Army (PLA) 3rd Department 12th Bureau Unit 61486.

The PLA’s General Staff Division (GSD) Third Department appears to be China’s primary SIGINT collection and analysis agency. The 12th Bureau, Unit 61486, headquartered in Shanghai’s Chabei District, supports China’s space surveillance network. They are a determined adversary group, conducting intelligence-gathering operations targeting the Government, Defense, Research, and Technology sectors in the United States, with specific targeting of space, aerospace, and communications.

The group has been operating since at least 2007 and has been observed heavily targeting the US Defense and European satellite and aerospace industries. They focus their exploits against popular productivity applications such as Adobe Reader and Microsoft Office to deploy custom malware through targeted email attacks. CrowdStrike identified Chen Ping, aka cpyy, a suspected member of the PLA responsible for procurement of the domains associated with operations conducted by Putter Panda.




NEWSLETTER
Join the GlobalSecurity.org mailing list