Reconnaissance General Bureau

Threat Actor updated 6 days ago (2024-09-02T20:18:12.964Z)
The Reconnaissance General Bureau (RGB) is a North Korean intelligence agency responsible for clandestine operations abroad, and it is believed to coordinate the nation's cyber activities. The RGB has been linked to several advanced persistent threat (APT) groups, including BeagleBoyz, Kimsuky, Andariel, and Lazarus, which have been active since at least 2014. These groups are known for malicious cyber operations such as hacking the computer networks of U.S. hospitals and other healthcare providers, encrypting their electronic files, extorting ransom payments, and then laundering those payments. They have also targeted defense and technology entities across the globe with the aim of exfiltrating sensitive information.

One significant incident involved the RGB's exploitation of MagicLine4NX, an authentication software widely used in South Korea, for espionage purposes in March. Another noteworthy episode is the indictment of Rim, an individual who worked for the RGB and participated in various cyber-attacks targeting U.S. hospitals and healthcare providers. Rim and his co-conspirators, tracked as 'Andariel,' 'Onyx Sleet,' and 'APT45,' allegedly laundered ransom payments through China-based facilitators and used the proceeds to purchase internet infrastructure, which was then used to hack and extract sensitive defense and technology information from entities around the world.

The RGB's cyber activities have led to international sanctions against key individuals associated with the bureau. Recently, South Korean authorities imposed sanctions on eight North Korean individuals, including Ri Chang-ho, the head of the RGB, who is believed to be behind major cyberattacks orchestrated by hacking groups such as Kimsuky, Lazarus, and Andariel. The list of newly blacklisted individuals also includes Yun Chol, who was implicated in supplying nuclear materials while working at the North Korean Embassy in China. These actions underscore the international community's concern about the RGB's ongoing cyber threats and illicit activities.
Description last updated: 2024-09-02T20:16:11.138Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Andariel | 6 | Andariel, a state-backed threat group linked to North Korea's Reconnaissance General Bureau, has been identified as a significant cyber threat. The group has demonstrated its capabilities by compromising critical national infrastructure organizations, accessing classified technical information and i
Kimsuky | 2 | Kimsuky, also known as Springtail, ARCHIPELAGO, Black Banshee, Thallium, Velvet Chollima, and APT43, is a North Korea-linked threat actor first identified by a Kaspersky researcher in 2013. This cyberespionage group has been associated with various malicious activities, including spear-phishing camp
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance: Korean, Reconnaissance, State Sponso..., Phishing, Apt
Associated Threat Actors
ID | Type | Votes | Profile Description
Lazarus Group | Unspecified | 2 | The Lazarus Group, a notorious threat actor associated with North Korea, has been implicated in several high-profile cyber attacks and exploitation activities. The group's objective often involves establishing a kernel read/write primitive, which allows them to gain high-level access to systems and
Source Document References
Information about the Reconnaissance General Bureau Threat Actor was read from the documents corpus below. This display is limited to 20 results.

Source | Created At | Title
DARKReading | 5 days ago | North Korean APT Exploits Novel Chromium, Windows Bugs to Steal Crypto
BankInfoSecurity | 6 days ago | North Korean Hackers Tied to Exploits of Chromium Zero-Day
Securityaffairs | a month ago | North Korea-linked hackers target construction and machinery sectors with watering hole and supply chain attacks
DARKReading | a month ago | US Offers $10M Reward for Information on North Korean Hacker
Flashpoint | a month ago | COURT DOC: North Korean Government Hacker Charged for Involvement in Ransomware Attacks Targeting U.S. Hospitals and Health Care Providers
InfoSecurity-magazine | 5 months ago | North Korean Group Kimsuky Exploits DMARC and Web Beacons
CSO Online | 2 years ago | APT groups use ransomware TTPs as cover for intelligence gathering and sabotage
CERT-EU | 8 months ago | FBIs Most Wanted In CA: Suspected Spies, Hackers, Terrorists, Killers | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU | 8 months ago | Cyber Security Week In Review: December 29, 2023
CERT-EU | 8 months ago | S. Korea Sanctions 8 N. Koreans Over Arms Trade, Cyberattacks
CERT-EU | 9 months ago | North Korean hackers stole anti-aircraft system data from South Korean firm | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
BankInfoSecurity | 9 months ago | North Korean Hackers Steal South Korean Anti-Aircraft Data
CERT-EU | 9 months ago | US Govt's OFAC Sanctions North Korea-based Kimsuky Hacking Group
CERT-EU | a year ago | Election watchdog's cybersecurity system vulnerable to hacking attacks: NIS | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU | 2 years ago | Seoul Sanctions North Korea Over Crypto Theft - Bitcoin News
BankInfoSecurity | a year ago | US Sanctions N. Korean Entities for Sending Funds to Regime
CSO Online | a year ago | Lazarus group infiltrated South Korean finance firm twice last year
CERT-EU | 2 years ago | 'North Korea-linked' Hackers Made Off With at Least $630 Million in Crypto, Report Claims
CERT-EU | a year ago | Send nukes
CERT-EU | a year ago | North Korean defectors' group leader attacked by state-backed hackers