Cyber Incident Victim: Reconnaissance General Bureau
Date: Sep 2017
Location: North Korea
Summary
A U.S. presidential directive authorized a coordinated government-wide pressure campaign against North Korea, incorporating military cyber operations as a key component. As part of this strategy, U.S. Cyber Command disrupted operations of the Reconnaissance General Bureau—the nation's military intelligence agency—by flooding their computer servers with traffic, resulting in severed internet access for their hackers. The offensive cyber measures formed one element of a broader effort involving multiple federal agencies to constrain the adversary's capabilities.
Description
In early 2017, President Donald Trump signed a presidential directive authorizing a comprehensive U.S. government strategy to increase pressure on North Korea through coordinated actions across multiple agencies. This directive specifically enabled the use of military cyber capabilities as part of the pressure campaign. On or around September 30, 2017, U.S. Cyber Command executed operations targeting North Korea's Reconnaissance General Bureau (RGB), the military intelligence agency known for conducting cyber operations. The operation involved flooding the RGB's computer servers with massive amounts of internet traffic, a technique designed to overwhelm their systems. This deliberate disruption caused significant degradation of internet connectivity for the RGB's hacker units, impairing their ability to maintain normal operations. The cyber strike represented an escalation in U.S. efforts to counter North Korean cyber threats through active network interference rather than purely defensive measures.

The campaign against the RGB formed one component of a broader interagency strategy outlined in Trump's directive, which mobilized diplomatic, economic, and military tools to confront North Korean threats. While the exact duration and full scope of the cyber operation remain undisclosed, its immediate effect was the disruption of internet-dependent activities conducted by RGB cyber personnel. The operation marked an early public example of Cyber Command employing offensive cyber tactics to directly degrade an adversary's capabilities under the Trump administration's more assertive cybersecurity policy framework. No collateral impacts on non-military systems or third-party networks were reported in connection with this specific action. The incident demonstrated the integration of cyber operations into traditional national security measures against state adversaries.
