Reconnaissance General Bureau (RGB)

The Reconnaissance General Bureau is North Korea's primary intelligence and covert-operations agency, serving as the central command authority for all of the regime's offensive cyber operations. Unlike Western intelligence agencies whose primary mandate is espionage and national security, the RGB has an explicit financial mission: generating illicit hard-currency revenue for the Kim regime to fund its nuclear weapons and ballistic missile programmes in defiance of UN Security Council sanctions that have effectively cut North Korea off from the international financial system. The RGB controls a portfolio of specialised hacking units with defined operational lanes to minimise overlap and maximise efficiency: Lazarus Group (APT38) handles large-scale disruption and flagship cryptocurrency heists; BlueNoroff (Stardust Chollima) specialises in financial institution and crypto-firm targeting; and Andariel (Silent Chollima) focuses on South Korean government, defence, and infrastructure targets alongside ransomware operations. Collectively, these units have stolen an estimated $3–6 billion in cryptocurrency between 2017 and 2026, making the RGB one of the most financially consequential criminal organisations in history. Example: The RGB's cyber mandate directly financed North Korea's accelerated ballistic missile test cadence in 2022–2024 — UN Panel of Experts reports estimated that stolen cryptocurrency proceeds funded approximately 40% of the regime's weapons-of-mass-destruction programme during this period, demonstrating that crypto-asset theft has become a strategic instrument of North Korean state policy. Why it matters for compliance: The RGB's institutional structure means North Korean cyber operations are persistent, well-resourced, and continuously evolving — not opportunistic criminal activity. Crypto exchanges, DeFi protocols, and Web3 infrastructure providers face an adversary with nation-state patience, zero risk of domestic prosecution, and a direct incentive to steal at the maximum scale their capabilities allow.

Category: compliance, regulatory frameworks

Explore the full Web3 Glossary — 2,062+ expert-curated definitions. Need guidance? Talk to our consultants.