Technical Reconnaissance Bureau

Threat Actor Profile Updated 3 months ago
The Technical Reconnaissance Bureau (TRB), also known as the Fourteenth Bureau, is a North Korea-based threat actor that leads the Democratic People's Republic of Korea's (DPRK) development of offensive cyber tactics and tools. The TRB conducts mail inspection, telecommunications inspection and control, and coordinates the activities of several departments, including those affiliated with the Lazarus Group. The Lazarus Group has been associated with significant cyber-attacks, including the largest virtual currency heist to date in March 2022, where approximately $620 million was stolen from a blockchain project linked to the online game Axie Infinity.

The US Department of State and the Department of Treasury have imposed sanctions on the TRB, along with other entities and individuals such as Pyongyang University of Automation, the 110th Research Center cybersecurity unit, Chinyong Information Technology Cooperation Company, and North Korean national Kim Sang Man. These sanctions were imposed due to their roles in conducting malicious cyber activities and deploying IT workers who fraudulently obtained jobs to generate revenue, including virtual currency, to support the Kim regime and its priorities. The TRB and its subordinate cyber unit, the 110th Research Center, were specifically designated for being agencies, instrumentalities, or controlled entities of the Government of North Korea or the Workers’ Party of Korea.

Attribution of cyber attacks to the TRB has been complex and requires extensive research. In the past, researchers could trace Chinese attacks back to specific towns where TRB offices were located, aiding in attribution. However, current investigations into incident response and intrusion require years of research to accurately locate the TRB or its affiliations with the threat actor. As a result, the TRB remains a significant threat in the cybersecurity landscape, given its capabilities and associations with high-profile cyber-attacks.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| Reconnaissance General Bureau Rgb | 1 | The Reconnaissance General Bureau (RGB) is a North Korean military intelligence agency identified as a threat actor responsible for various cyberattacks. RGB is associated with hacking groups known as the "Lazarus Group," "Bluenoroff," and "Andariel," which are recognized as agencies or controlled e |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Treasury
Reconnaissance
Exploit
Chinese
Dprk
Associated Malware
No associations to display
Associated Threat Actors
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Lazarus Group | Unspecified | 4 | The Lazarus Group, a notorious threat actor believed to be linked to North Korea, has been attributed with a series of significant cyber-attacks over the past few years. The group's malicious activities include the exploitation of digital infrastructure, stealing cryptocurrency, and executing large- |
| Rgb | Unspecified | 1 | RGB, a threat actor with ties to North Korea, has been involved in a range of malicious cyber activities. The group was designated by the Office of Foreign Assets Control (OFAC) on January 2, 2015, under Executive Order 13687 for being a controlled entity of the North Korean government. In addition |
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Technical Reconnaissance Bureau Threat Actor was read from the documents corpus below.
| Source | Created At | Title |
| --- | --- | --- |
| BankInfoSecurity | a year ago | US Sanctions N. Korean Entities for Sending Funds to Regime |
| CSO Online | a year ago | US sanctions four North Korean entities for global cyberattacks |
| Securityaffairs | a year ago | The US government sanctioned four entities and one individual for supporting cyber operations conducted by North Korea |
| CERT-EU | a year ago | Eight years since the Obama-Xi agreement, Chinese hacking is worse than ever |
| MITRE | a year ago | Read Featured Article "Whois Numbered Panda" by Adam Meyers |
| BankInfoSecurity | a year ago | US Sanctions North Korean Entities for Sending Regime Funds |
| CERT-EU | a year ago | The US sanctions entities linked to North Korean hackers |
| CERT-EU | a year ago | Global Watch \| How Chinese spy agency MSS disrupts the world |
| Secureworks | a year ago | ShadowPad Malware Analysis |
| CERT-EU | a year ago | US Sanctions North Korean Entities Training Expat IT Workers in Russia, China and Laos |