Date: 2025-12-04

North Korea's Kim will join Chinese President Xi Jinping and other world leaders including Russia's Vladimir Putin for a huge spectacle in which China will showcase its military prowess - Copyright AFP/File Pedro Pardo

In response to reports that North Korea is blending human intelligence, cyber operations, signals intelligence, and psychological warfare into a unified intelligence agency called the Reconnaissance Information General Bureau, Ryan Sherstobitoff, Chief Threat Intelligence Officer at SecurityScorecard, tells Digital Journal what this means for businesses and what governments need to consider.

The Reconnaissance General Bureau is part of the General Staff Department and acts as a North Korean intelligence agency that manages the state’s clandestine operations. Most of its operations focus specifically on Japan, South Korea, and the U.S. The Bureau was established in 2009; signs are that it is becoming more sophisticated.

Sherstobitoff sees the latest development as posing an increased risk to several states: “North Korea’s decision to merge its intelligence and cyber units under one agency is a major strategic shift we’ve been watching unfold for the past two years.”

As an example, Sherstobitoff cites: “Our research in 2024 and 2025 uncovered multiple fake job recruitment campaigns run by threat actors tied to the Reconnaissance General Bureau (RGB). These campaigns used a mix of social engineering, social media, and malware to target engineers, developers, and cryptocurrency professionals.”

With another example, Sherstobitoff warns: “In Operation 99, the STRIKE Threat Intelligence Team’s analysis revealed that North Korean actors posed as recruiters on LinkedIn and lured developers with fake work. In this campaign they targeted unsuspecting victims with malware aimed at infiltrating global developer networks, stealing proprietary code, and cryptocurrency wallet keys.”

Using open source systems presents a major risk, as Sherstobitoff observes: “More recently, our team has observed Lazarus Group, a threat actor linked to the RGB, taking things a step further by weaponizing open-source software ecosystems. We’ve seen malicious NPM packages and supply chain attacks designed to compromise development tools and insert backdoors into legitimate software projects. This is a clear escalation in tactics, moving beyond phishing or credential theft to direct manipulation of the global software supply chain.”

The Lazarus Group has strong links to North Korea. The U.S. Department of Justice has claimed the group is part of the North Korean government’s strategy to “undermine global cybersecurity … and generate illicit revenue in violation of … sanctions”.

Wrapping up his main warning, Sherstobitoff highlights: “By uniting human intelligence, cyber operations, and psychological influence under one structure, Pyongyang is becoming faster, more coordinated, and more precise in its targeting. This consolidation gives North Korean threat actors the ability to scale their campaigns rapidly and reach both individuals and institutions with alarming efficiency. Based on current patterns, we expect their activity to continue, and likely expand, over the months ahead.”