Reconnaissance General Bureau (RGB)

Threat Actor updated 4 days ago (2024-09-10T04:18:22.451Z)
The Reconnaissance General Bureau (RGB) is a key threat actor group associated with North Korea's cyber espionage activities. Known within the global cybersecurity industry as the umbrella organization for hacking groups such as "Lazarus Group," "Bluenoroff," and "Andariel," it operates under the Korean People's Army. The RGB 3rd Bureau, based in Pyongyang and Sinuiju, includes state-sponsored cyber groups such as Andariel, Onyx Sleet (formerly PLUTONIUM), DarkSeoul, Silent Chollima, and Stonefly/Clasiopa. The U.S. Federal Bureau of Investigation (FBI) has released advisories highlighting the cyber espionage activity associated with the RGB, identifying its actions as aligning with those of North Korea's primary foreign intelligence agency.

Several individuals and entities have been implicated in connection with the RGB. For instance, Pyongyang University of Automation, one of North Korea's premier cybersecurity instruction institutions, was sanctioned by the US for training malicious cyber actors who often end up working in cyber units subordinate to the RGB. Furthermore, an indictment filed in the U.S. District Court in Los Angeles alleges that Jon Chang Hyok, Kim Il, and Park Jin Hyok were members of units of the RGB, engaging in criminal hacking activities. Another individual, Rim, was alleged to have worked for the RGB, participating in the conspiracy to target and hack computer networks of U.S. hospitals and other healthcare providers.

Kimsuky, also known as APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet (previously Thallium), Nickel Kimball, and Velvet Chollima, is another active element that has operated under the RGB since 2012. Researchers from Google-owned cybersecurity firm Mandiant noted that APT43's collection priorities align with the mission of the RGB, suggesting that its campaigns are likely centered on enabling North Korea's weapons program and collecting information about international negotiations, sanctions policy, and other countries' foreign relations and domestic politics. Unlike some other state-sponsored APTs, the group has not relied on zero-day exploits; instead, it has been adept at social engineering and credential harvesting in support of highly targeted phishing campaigns.
Description last updated: 2024-09-10T03:17:41.793Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID (votes): Profile Description

Andariel (3 votes): Andariel, also known as Jumpy Pisces and Onyx Sleet, is a threat actor primarily involved in cyberespionage and ransomware activities. Originating from North Korea, this group has been linked to several malicious cyber activities alongside other groups like Lazarus Group and Bluenoroff. The group's

APT43 (2 votes): APT43, also known as Kimsuky, Sparkling Pisces, Emerald Sleet, and Velvet Chollima among other names, is a North Korean state-sponsored advanced persistent threat (APT) group involved in cybercrime and espionage. This threat actor conducts intelligence collection and uses cybercrime to fund its espi
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Reconnaissance
State Sponso...
Analyst Notes & Discussion
Source Document References
Information about the Reconnaissance General Bureau (RGB) threat actor was read from the document corpus below. This display is limited to 20 results.
Source (Created At) - Title

Unit42 (4 days ago) - Threat Assessment: North Korean Threat Groups
InfoSecurity-magazine (a month ago) - North Korea Kimsuky Launch Phishing Attacks on Universities
Flashpoint (a month ago) - COURT DOC: North Korean Government Hacker Charged for Involvement in Ransomware Attacks Targeting U.S. Hospitals and Health Care Providers
CISA (a month ago) - North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime's Military and Nuclear Programs | CISA
CISA (a month ago) - FBI, CISA, and Partners Release Advisory Highlighting North Korean Cyber Espionage Activity | CISA
CERT-EU (9 months ago) - Lazarus Group Using Log4j Exploits to Deploy Remote Access Trojans
CERT-EU (9 months ago) - US Govt's OFAC Sanctions North Korea-based Kimsuky Hacking Group
Securityaffairs (9 months ago) - US govt sanctioned North Korea-linked APT Kimsuky
CERT-EU (9 months ago) - U.S. government sanctions prolific North Korean cyber espionage unit
CSO Online (a year ago) - North Korean threat actor APT43 pivots back to strategic cyberespionage
CSO Online (a year ago) - US sanctions four North Korean entities for global cyberattacks
CERT-EU (a year ago) - North Korea hackers breached US IT company
MITRE (2 years ago) - Three North Korean Military Hackers Indicted in Wide-Ranging Scheme
CERT-EU (a year ago) - Beware: New 'Rustbucket' Malware Variant Targeting macOS Users
BankInfoSecurity (a year ago) - JumpCloud Blames North Korean Hackers on Breach
CERT-EU (2 years ago) - North Korean UNC2970 Hackers Expands Operations with New Malware Families
CERT-EU (a year ago) - JumpCloud Cyberattack Linked to North Korean Hackers
CERT-EU (a year ago) - North Korean Hackers Targets Russian Missile Engineering Firm
DARKReading (a year ago) - Automatic Updates Deliver Malicious 3CX 'Upgrades' to Enterprises
CERT-EU (a year ago) - North Korean APT group targets email credentials in social engineering campaign