Chinese Cyber Warfare Units & Their Strategic Role in Island Chain Defence 🌏💻
Introduction
In the shifting strategic landscape of the Indo-Pacific, China’s cyber warfare apparatus is an increasingly critical ... yet opaque ... element of its broader military and geopolitical toolkit. From the establishment of dedicated cyber forces within the People’s Liberation Army (PLA) to the integration of civilian intelligence agencies in offensive cyber operations, Beijing’s approach to cyberspace reflects a nuanced blend of defence, deterrence and power projection. For Australian policymakers, defence planners and cybersecurity practitioners, understanding Chinese cyber warfare units is essential to interpreting how Beijing might leverage digital operations in crises that involve the First and Second Island Chains — strategic maritime boundaries that define access, influence and deterrence in the region.
This analysis synthesises the latest evidence on Chinese cyber units as of 2026, articulates their operational roles, and connects those capabilities to the evolving concept of Island Chain defence strategy. We explain what is confirmed, what is emerging, and what that means for Australia’s national security and regional partnerships.
Chinese Cyber Warfare Organisational Structure
China’s cyber warfare architecture spans military and civilian intelligence bodies, with overlapping mandates for cyber defence, espionage and offensive operations.
The most visible component is the People’s Liberation Army Cyberspace Force (PLACF) ... established on 19 April 2024 as a distinct branch of the PLA under the Central Military Commission (CMC). It succeeded the former Strategic Support Force (SSF), which had consolidated cyber, space and electronic warfare functions since 2015 but was formally dissolved in 2024.
Alongside PLACF, the PLA Information Support Force (ISF) focuses on coordinating network information systems and information dominance in joint operations.
Outside the PLA, China’s civilian intelligence agencies play critical cyber roles too: the Ministry of State Security (MSS) operates a network of cyber espionage bureaus including the China Information Technology Security Evaluation Center (CNITSEC), often referenced as the technical cyber wing of MSS. The Ministry of Public Security (MPS) contributes through domestic cyber policing, digital surveillance and counterintelligence support to broader MSS objectives.
Collectively, this structure ... military cyber branches plus state intelligence organs ... forms a multi-layered cyber force capable of strategic, operational and tactical cyber missions.
Key Units, Roles & Capabilities
PLA Cyberspace Force (PLACF)
The PLA Cyberspace Force is now Beijing’s principal military cyber warfare service, responsible for securing national cyberspace, conducting cyber offence and defence, and supporting informationised warfare doctrine. It includes several Technical Reconnaissance Bases aligned with China’s theatre commands, enabling regional operational reach and integration with other domains.
Within PLACF’s operational structure, analysts and incident responders have identified legacy units, such as Unit 61398, historically associated with long-term cyber espionage against foreign governments and industry targets. Though publicly documented since the early 2000s, such units are often re-badged under new organisational designators within the Cyberspace Force.
Other specialised PLACF components focus on offensive cyber operations (malware deployment, network exploitation), defensive network security and electronic warfare integration, supporting PLA joint campaigns through multi-domain synchronisation.
Ministry of State Security (MSS) Cyber Operations
The MSS manages China’s civilian intelligence cyber apparatus, often operating through provincial and municipal State Security Bureaus and semi-autonomous cyber units. Its focus includes:
• Strategic cyber espionage targeting foreign political, military and economic networks.
• Technical support to PLA cyber missions.
• Information operations that shape foreign perceptions.
CNITSEC (the MSS’s 13th Bureau) is a key node in this network, conducting technical evaluations, exploitation and vulnerability research that underpins MSS cyber campaigns.
Ministry of Public Security (MPS)
The MPS supports cyber operations primarily through domestic network security enforcement and counter-intelligence. Its cyber units provide intelligence feeds to MSS and PLA operations and maintain surveillance on digital platforms, especially where national unity or regime stability is perceived to be at risk.
Island Chain Defence Strategy & Cyber Operations
China’s Island Chain defence framework — extending from the First Island Chain (Kurils–Japan–Taiwan–Philippines–Borneo) to the Second Island Chain (Japan–Marianas–PNG) — shapes PLA military planning and readiness. In a conflict scenario, cyber operations would be integral to operations across these maritime boundaries.
Cyber units can:
• Disrupt enemy communications, logistics and C4ISR (Command, Control, Communications, Computers, Intelligence, Surveillance, Reconnaissance).
• Support anti-access/area denial (A2/AD) campaigns by targeting adversary networks before or during kinetic confrontations.
• Conduct reconnaissance for preparing cyber targeting of sensors and weapons systems anchored in the Island Chains.
This fusion of cyber and conventional operations underpins China’s broader strategy of informatised warfare — where information dominance becomes a force multiplier across theatres.
Potential Influence & Threat Assessment
China’s cyber capability projects both defensive and offensive potency:
• Persistent espionage: Long-running units (e.g. Unit 61398) demonstrate the PLA’s ability to conduct sustained intelligence collection on foreign defence industries and government networks.
• Offensive disruption: PLACF’s mandate includes pre-emptive cyber strikes that could degrade adversary decision cycles or infrastructure during flashpoints.
• Civil–military integration: MSS and MPS cyber operations extend state reach beyond the military domain, blurring lines between civilian tech assets and national strategic missions.
The interplay between military, civilian and paramilitary cyber actors increases complexity for foreign governments attempting to attribute attacks or shape deterrence.
Implications for Australia & Regional Security
Australia’s security posture must adapt to these multi-domain threats:
• Defence and deterrence planning should factor cyber operations into contingency scenarios involving Taiwan, the South China Sea and allied exercises.
• Allied interoperability with Five Eyes partners strengthens collective situational awareness and cyber resilience.
• Private–public sector cooperation is essential; much of critical infrastructure is non-government controlled but remains a target vector.
Engagement with regional partners to harmonise threat intelligence sharing and cooperative cyber defence exercises will enhance deterrence across the First and Second Island Chains.
Conclusion
Understanding Chinese cyber warfare units isn’t about hypothetical scenarios alone — it’s about recognising how Beijing organises, executes and integrates digital operations with its broader military ambitions. From the PLA Cyberspace Force’s structural evolution to MSS-led cyber espionage campaigns, China’s cyber strategy is a sophisticated blend of defence, offence and strategic influence.
For Australia, the imperative is clear: cyber resilience and strategic awareness are core to regional security efforts in an era where bytes can be as consequential as ballistic missiles.
0 Comments