Amid the news that North Korean authorities recently created a new hacking organization dedicated to stealing information related to COVID-19, Daily NK has learned that North Korean leader Kim Jong Un is directly handling the results of the organization’s work.

According to a high-ranking Daily NK source, North Korean authorities created the new hacking group – called Bureau 325 – on Jan. 3, immediately before the Eighth Party Congress. It is nominally under the Reconnaissance General Bureau (RGB), but it reports not to the RGB director but to Kim Jong Un himself. The source explained that the group was organized to take orders directly from the North Korean leader.

Immediately after the group was created, Kim’s powerful sister Kim Yo Jong appeared to be inspecting the organization’s composition and taking direct charge of its work results.

However, Central Committee Secretary Jo Yong Won reportedly now manages Bureau 325 directly, rounding up its results and making final reports to Kim Jong Un. This suggests Kim has taken an interest in crucial information related to COVID-19 and securing vaccine technology.

However, RGB’s Bureau 325 is reportedly involved in more than just pilfering information regarding COVID-19. It is also stealing science, technology and financial information from “major” nations as well.

humanitarian support vaccines
North Korean state media reported on Jan. 30, 2020, that it was making every effort to combat an outbreak of the novel coronavirus. / Image: Rodong Sinmun

Bureau 325 is reportedly composed of five teams. “Internally [in North Korea], it has two research labs with about 800 personnel,” said the source. “Overseas, it has three research labs, but it’s hard to know how many personnel work for them.”

This is to say, not only is information regarding hackers operating overseas a tightly held secret, but their numbers and areas of operation regularly change, so ascertaining exactly how many hackers there are is difficult. However, those operating overseas reportedly far outnumber those operating in North Korea.

According to the source, the three overseas research labs do the actual stealing of information, while personnel in North Korea process the hacked data.

Group 325 is reportedly composed of talented members of existing hacking groups separately selected for the new organization, along with recently-hired top university graduates who majored in IT-related fields.

Their targets reportedly include major biochemistry and pharmaceutical labs, drug companies and important national administrative and intelligence bodies.

The source claims the group targets not only South Korean government organizations and labs, but also major institutions in the United States and China.

Meanwhile, North Korean authorities have apparently handed down an order to build a thorough security system around Bureau 325 by Feb. 16, when the nation celebrates the birthday of late North Korean leader Kim Jong Il.

In the case of the bureau’s overseas teams, they have been ordered to work with local facilitators to put in place conditions so that they can immediately move locations to avoid being tracked, as well as to bolster their IP masking systems.

Work has also reportedly been completed on forging documents to help hackers operating overseas avoid tracking and law enforcement. For example, hackers have been told to carry two or more forged passports.

The source said it appears the “Supreme Commander” (Kim Jong Un) will give orders after Kim Jong Il’s birthday, once all the preparations surrounding Bureau 325 have been completed. The source said this means the group will soon begin “full-scale” operations.

Please direct any comments or questions about this article to
Read in Korean
Seulkee Jang is one of Daily NK's full-time reporters and covers North Korean economic and diplomatic issues, including workers dispatched abroad. Jang has a M.A. in Sociology from University of North Korean Studies and a B.A. in Sociology from Yonsei University. She can be reached at skjang(at)