TheReconnaissance General Bureau (Korean: 정찰총국;RGB), part of theGeneral Staff Department, is aNorth Koreanintelligence agency that manages the state'sclandestine operations.^[1] Most of their operations have a specific focus on Japan, South Korea, and the United States.^[2] It was established in 2009.^[2][3]

The RGB is regarded as North Korea's primary intelligence and clandestine operations organ.^[4] Although its original missions have traditionally focused on clandestine operations such as commando raids, infiltrations and disruptions, the RGB has since come to control most of the known North Korean cyber capabilities, mainly underBureau 121 or its speculated successor, theCyber Warfare Guidance Bureau.^[4]

It was headed at one time byKim Yong-chol as the first head of the RGB.^[5][6]

It is the direct successor of theGeneral Staff Department of the Korean People's Army'sReconnaissance Bureau (Korean:정찰국)^[7] (which was responsible for several North Korean acts of espionage such as the1996 Gangneung submarine infiltration incident^[8]). In addition, two former offices of theCentral Committee of the Workers' Party of Korea (WPK) were moved into the Reconnaissance General Bureau, namely the WPK's External Investigations and Intelligence Department (Korean:조선로동당 대외정보조사부), also known as Office 35, and the WPK's Operations Department, which was responsible for kidnapping foreign nationals during theCold War.^[9][3][10]

The RGB was established in 2009 to consolidate various intelligence and special operations agencies of the North Korean government, meaning that units previously tasked with "political warfare, foreign intelligence, propaganda, subversion, kidnapping, special operations, and assassinations" were merged into one single organization.^[11]

In August 2010, an RGB agent posing as a defector was caught by South Korean police for planning to assassinateHwang Jang-yop, who had defected from North Korea in 1997. The previous month two North Korean spies had been imprisoned for plotting to murder Hwang.^[12] North Korea denied involvement, but the later defector "Kim Kuk-song" said that he had personally directed the July 2010 operation.^[13] "Kim" also said "I can tell you that North Korean operatives are playing an active role in various civil society organisations as well as important institutions in South Korea.".^[13]

A defector, a former senior colonel known by the pseudonym Kim Kuk-song, whose identity has been verified by theBBC, had a senior position in the RGB until 2014, and revealed much information about the Bureau's activities in a 2021 interview with the BBC.^[13]

On October 31, 2017, two suspects were arrested byPublic Security police in Beijing in an attempt to assassinateKim Han-sol.^[14] They were part of a seven-man team sent by the RGB.^[15]

On November 12, 2021, an alleged RGB agent led an operation in Japan to illegally obtain foreign currency to shore up the North Korean economy by ordering two South Korean nationals to conduct a business that was against their official status of residence.^[16]

On February 15, 2022, an upcoming UN report mentions that the RGB is involved in running several service-related industries throughout Cambodia.^[17]

The foundations for North Korean cyber operations were built in the 1990s, after North Korean computer scientists returned from travel abroad proposing to use the Internet as a means to spy on enemies and attack militarily superior opponents such as the United States and South Korea. Subsequently, students were sent abroad to China to participate in top computer science programs.^[18]

The cyberwarfare unit was elevated to top priority in 2003 following theUS invasion of Iraq.^[18]

The structure of the RGB is as follows as of 2021:^[1][19]

Reconnaissance missions are also partially overseen by theGeneral Staff Department (GSD) of theKorean People's Army (KPA). As of 2014, experts argued that "North Korea does not seem to have yet organized these units into an overarching Cyber Command."^[11]

The RGB appears to report directly to theNational Defence Commission, as well asKim Jong Un as the supreme commander of the KPA.^[11]

Until 2017, many North Korean spies were arrested in South Korea. But far fewer were arrested in the following years, apparently as the North started using new technologies rather than old-fashioned spying. In particular, high-profile defectors warned that Pyongyang had created a body of 6,000 skilledhackers.^[13]

The Reconnaissance General Bureau's department 53^[24] has been involved in recruiting and training operatives for North Korea's large-scale remote worker infiltration scheme, which emerged around 2014 and significantly expanded during the COVID-19 pandemic. The RGB recruits top graduates from prestigious institutions such asKim Chaek University of Technology and theUniversity of Sciences in Pyongsong, training them in hacking techniques and foreign languages before deploying them as remote workers in Western companies under stolen identities. These operatives primarily target IT roles at US and European companies, using AI-enhanced interviews and deepfake technology to pass hiring processes, with individual workers earning an average of $300,000 annually that is funneled back to fund North Korea's weapons programs. The scheme has affected nearly every Fortune 500 company, generating millions in revenue while also enabling data theft and malware installation.^[25]

• Glocom (defence company)

• Reconnaissance General Bureau
• Military intelligence agencies
• North Korean intelligence agencies
• General Staff Department of the Korean People's Army

• CS1 errors: requires URL
• Articles with short description
• Short description matches Wikidata
• Use dmy dates from September 2020
• Articles containing Korean-language text