Technical Reconnaissance Bureau

Threat Actor updated 4 days ago (2024-11-29T14:51:13.212Z)
Download STIX
Preview STIX
The Technical Reconnaissance Bureau (TRB), also known as the Fourteenth Bureau, is a North Korea-based threat actor that leads the Democratic People's Republic of Korea's (DPRK) development of offensive cyber tactics and tools. The TRB conducts mail inspection, telecommunications inspection and control, and coordinates the activities of several departments, including those affiliated with the Lazarus Group. The Lazarus Group has been associated with significant cyber-attacks, including the largest virtual currency heist to date in March 2022, where approximately $620 million was stolen from a blockchain project linked to the online game Axie Infinity. The US Department of State and the Department of Treasury have imposed sanctions on the TRB, along with other entities and individuals such as Pyongyang University of Automation, the 110th Research Center cybersecurity unit, Chinyong Information Technology Cooperation Company, and North Korean national Kim Sang Man. These sanctions were imposed due to their roles in conducting malicious cyber activities and deploying IT workers who fraudulently obtained jobs to generate revenue, including virtual currency, to support the Kim regime and its priorities. The TRB and its subordinate cyber unit, the 110th Research Center, were specifically designated for being agencies, instrumentalities, or controlled entities of the Government of North Korea or the Workers’ Party of Korea. Attribution of cyber attacks to the TRB has been complex and requires extensive research. In the past, researchers could trace Chinese attacks back to specific towns where TRB offices were located, aiding in attribution. However, current investigations into incident response and intrusion require years of research to accurately locate the TRB or its affiliations with the threat actor. As a result, the TRB remains a significant threat in the cybersecurity landscape, given its capabilities and associations with high-profile cyber-attacks.
Description last updated: 2024-05-04T16:11:34.912Z
What's your take? (Question 1 of 1)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Treasury
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The Lazarus Group Threat Actor is associated with Technical Reconnaissance Bureau. The Lazarus Group, a notorious threat actor attributed to North Korea, is renowned for its malicious activities aimed at furthering the country's objectives. This group has been implicated in several high-profile cyber-attacks, including an attack in Spain known as Operation DreamJob. The exploitatiUnspecified
4
Source Document References
Information about the Technical Reconnaissance Bureau Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more