Reconnaissance General Bureau

It is the direct successor of the General Staff Department of the Korean People's Army's Reconnaissance Bureau ({{langx|ko|정찰국}}){{Cite web|url=https://www.38north.org/wp-content/uploads/2010/06/38north_SR_Bermudez2.pdf|title=38 North Special Report: A New Emphasis on Operations Against South Korea?|website=38 North}} (which was responsible for several North Korean acts of espionage such as the 1996 Gangneung submarine infiltration incident{{Cite web | title = In 1996, a Dead North Korean Spy Submarine (Armed with Commandos) Nearly Started a War | date = 13 March 2017 | publisher = Center for the National Interest | url = https://nationalinterest.org/blog/the-buzz/1996-dead-north-korean-spy-submarine-armed-commandos-nearly-19750 }}). In addition, two former offices of the Central Committee of the Workers' Party of Korea (WPK) were moved into the Reconnaissance General Bureau, namely the WPK's External Investigations and Intelligence Department ({{langx|ko|조선노동당 대외정보조사부}}), also known as Office 35, and the WPK's Operations Department, which was responsible for kidnapping foreign nationals during the Cold War.{{Cite book|last=Gause |first=Ken E. |year=2006 |title=North Korean Civil-military Trends: Military-first Politics to a Point |location=Carlisle Barracks, Pennsylvania |publisher=Strategic Studies Institute, U.S. Army War College |page=[https://books.google.com/books?id=X8krAAAAYAAJ&pg=PA28&lpg=PA28 28] |isbn=978-1-58487-257-3 }}{{cite book|last=Gause|first=Ken E. |year=2013 |chapter=The Role and Influence of the Party Apparatus |editor1=Park, Kyung-ae |editor2=Snyder, Scott |title=North Korea in Transition: Politics, Economy, and Society |publisher=Rowman & Littlefield |isbn=978-1442218123 |pages=19–46 }}

The RGB was established in 2009 to consolidate various intelligence and special operations agencies of the North Korean government, meaning that units previously tasked with "political warfare, foreign intelligence, propaganda, subversion, kidnapping, special operations, and assassinations" were merged into one single organization.{{Cite web|url=https://csis-prod.s3.amazonaws.com/s3fs-public/legacy_files/files/publication/141218_Cyber_Operations_North_Korea.pdf|title=The Organization of Cyber Operations in North Korea|website=Center for Strategic and International Studies|access-date=16 October 2017|archive-date=30 June 2019|archive-url=https://web.archive.org/web/20190630205539/https://csis-prod.s3.amazonaws.com/s3fs-public/legacy_files/files/publication/141218_Cyber_Operations_North_Korea.pdf|url-status=dead}}

In August 2010, an RGB agent posing as a defector was caught by South Korean police for planning to assassinate Hwang Jang-yop, who had defected from North Korea in 1997. The previous month two North Korean spies had been imprisoned for plotting to murder Hwang.{{cite web|url=https://www.aljazeera.com/news/asia-pacific/2010/10/2010102015647458350.html|title=S Korea arrests 'N Korean agent' |website=Al Jazeera |date=20 October 2010}} North Korea denied involvement, but the later defector "Kim Kuk-song" said that he had personally directed the July 2010 operation. "Kim" also said "I can tell you that North Korean operatives are playing an active role in various civil society organisations as well as important institutions in South Korea.".

A defector, a former senior colonel known by the pseudonym Kim Kuk-song, whose identity has been verified by the BBC, had a senior position in the RGB until 2014, and revealed much information about the Bureau's activities in a 2021 interview with the BBC.{{Cite news |title=Drugs, arms, and terror: A high-profile defector on Kim's North Korea |last=Bicker |first=Laura |website=BBC News |date=11 October 2021 |url= https://www.bbc.co.uk/news/world-asia-58838834|quote=The BBC cannot independently verify [Kim Kuk-song's] claims, but we have managed to verify his identity and, where possible, found corroborating evidence for his allegations.}}

On October 31, 2017, two suspects were arrested by Public Security police in Beijing in an attempt to assassinate Kim Han-sol.{{cite web|url=https://www.telegraph.co.uk/news/2017/10/30/china-detains-north-korean-assassins-seeking-kim-jong-uns-dissident/|title=China 'detains North Korean assassins seeking Kim Jong-un's dissident nephew Kim Han-sol'|first=Julian|last=Ryall|date=30 October 2017|access-date=7 September 2018 |work=The Daily Telegraph}} They were part of a seven-man team sent by the RGB.{{cite web|url=http://www.freemalaysiatoday.com/category/nation/2017/10/31/chinese-police-foil-assassination-plot-on-jong-nams-son/ |title=Chinese police foil assassination plot on Jong Nam's son|date=31 October 2017|access-date=7 September 2018 |work=Free Malaysia Today}}

On November 12, 2021, an alleged RGB agent led an operation in Japan to illegally obtain foreign currency to shore up the North Korean economy by ordering two South Korean nationals to conduct a business that was against their official status of residence.{{Cite web|url=https://english.kyodonews.net/news/2021/11/4048c2afb2db-2-s-koreans-nabbed-in-japan-part-of-n-korea-cash-operation-sources.html|archive-url = https://web.archive.org/web/20211112000927/https://english.kyodonews.net/news/2021/11/4048c2afb2db-2-s-koreans-nabbed-in-japan-part-of-n-korea-cash-operation-sources.html|archive-date = 12 November 2021|title = 2 South Koreans nabbed in Japan part of North Korea cash operation: Sources}}

On February 15, 2022, an upcoming UN report mentions that the RGB is involved in running several service-related industries throughout Cambodia.{{cite web |url=https://www.nknews.org/2022/02/north-korean-spy-ran-hotels-casinos-and-travel-agency-in-cambodia-un-report/ |title=North Korean spy ran hotels, casinos and travel agency in Cambodia: UN report |website=NK News |access-date=22 February 2022 |archive-url=https://web.archive.org/web/20220215115059/https://www.nknews.org/2022/02/north-korean-spy-ran-hotels-casinos-and-travel-agency-in-cambodia-un-report/ |archive-date=15 February 2022 |url-status=dead}}

The foundations for North Korean cyber operations were built in the 1990s, after North Korean computer scientists returned from travel abroad proposing to use the Internet as a means to spy on enemies and attack militarily superior opponents such as the United States and South Korea. Subsequently, students were sent abroad to China to participate in top computer science programs.{{Cite news|url=https://www.nytimes.com/2017/10/15/world/asia/north-korea-hacking-cyber-sony.html|title=The World Once Laughed at North Korean Cyberpower. No More.|last1=Sanger|first1=David E.|date=2017-10-15 |work=The New York Times |access-date=2017-10-16|last2=Kirkpatrick|first2=David D.|language=en-US|issn=0362-4331|last3=Perlroth|first3=Nicole}}

The cyberwarfare unit was elevated to top priority in 2003 following the US invasion of Iraq.

The structure of the RGB is as follows as of 2021:{{Cite report|url=https://ccdcoe.org/uploads/2019/06/Art_08_The-All-Purpose-Sword.pdf|title=The All-Purpose Sword: North Korea's Cyber Operations and Strategies|last1=Ji Young|first1=Kong|last2=Jong In|first2=Lim|last3=Kyoung Gon|first3=Kim|work=2019 11th International Conference on Cyber Conflict: Silent Battle|publisher=NATO}}

Reconnaissance missions are also partially overseen by the General Staff Department (GSD) of the Korean People's Army (KPA). As of 2014, experts argued that "North Korea does not seem to have yet organized these units into an overarching Cyber Command."

The RGB appears to report directly to the National Defence Commission, as well as Kim Jong Un as the supreme commander of the KPA.

Until 2017, many North Korean spies were arrested in South Korea. But far fewer were arrested in the following years, apparently as the North started using new technologies rather than old-fashioned spying. In particular, high-profile defectors warned that Pyongyang had created a body of 6,000 skilled hackers.

{{Main articles|North Korean remote worker infiltration scheme}}

The Reconnaissance General Bureau's department 53{{Cite web |last=Otto |first=Greg |date=2025-01-16 |title=Treasury sanctions North Korea over remote IT worker schemes |url=https://cyberscoop.com/treasury-sanctions-north-korea-over-remote-it-worker-schemes/ |access-date=2025-06-11 |website=CyberScoop |language=en-US}} has been involved in recruiting and training operatives for North Korea's large-scale remote worker infiltration scheme, which emerged around 2014 and significantly expanded during the COVID-19 pandemic. The RGB recruits top graduates from prestigious institutions such as Kim Chaek University of Technology and the University of Sciences in Pyongsong, training them in hacking techniques and foreign languages before deploying them as remote workers in Western companies under stolen identities. These operatives primarily target IT roles at US and European companies, using AI-enhanced interviews and deepfake technology to pass hiring processes, with individual workers earning an average of $300,000 annually that is funneled back to fund North Korea's weapons programs. The scheme has affected nearly every Fortune 500 company, generating millions in revenue while also enabling data theft and malware installation.{{cite web |date=2025 |title=North Korea Stole Your Tech Job |url=https://www.wired.com/story/north-korea-stole-your-tech-job-ai-interviews/ |access-date=June 10, 2025 |website=Wired}}

• Glocom (defence company)

{{Reflist}}

{{North Korean armed forces}}

{{National intelligence agencies}}

{{Authority control}}

Category:Military intelligence agencies

Category:North Korean intelligence agencies

Category:General Staff Department of the Korean People's Army