A newly-formed hacking unit inside the Reconnaissance General Bureau (RGB) recently hacked Pfizer to steal vaccine development-related secrets, a high-level North Korean source told Daily NK on Monday.

The source said that members of the Bureau 325 in the RGB conducted the hacking operation against Pfizer recently and made several attempts to collect information based on what the source called “meticulous planning.”

While it is unclear what exactly North Korea was able to take from Pfizer through these attempts, the source told Daily NK that the hacking operation was aimed at stealing “technology” required for vaccine production.

Assemblyman Ha Tae-kyung, who is part of the National Assembly’s Intelligence Committee, told reporters at a briefing on Feb. 16 that the results of a closed-door National Intelligence Service (NIS) briefing showed that “North Korea’s cyberattack attempts have increased by 32% on average per day compared to last year.” He also stated that “among those attempts, there was a cyberattack attempt to steal COVID-19 vaccine and medical treatment technology, and pharmaceutical company Pfizer suffered a cyberattack.”

An NIS representative later told reporters that the intelligence agency’s briefing made no mention of Pfizer, but South Korean media outlets nonetheless reported that North Korea had hacked the pharmaceutical company.

In the wake of these media reports, the NIS again denied that its briefing to the intelligence committee mentioned North Korea had hacked Pfizer. The NIS stated that the briefing simply “reported on the cyber threat [posed by North Korea], along with an example of a hacking attempt in South Korea aimed at stealing vaccine and medical treatment technology.” The NIS went on to say that during the briefing “neither Pfizer nor any other domestic or international company was specifically mentioned.”

Daily NK previously reported that North Korea had created a hacking unit within the RGB aimed at securing information related to vaccine manufacturing. The article also noted that North Korea’s leadership prefers American or European vaccines, and predicted that there would be increasing numbers of hacking attempts on AstraZeneca and other major global pharmaceutical companies.

Daily NK understands that Bureau 121, a cyberwarfare agency, has been placed under the command of Bureau 325.

Bureau 121 was formed in 1998 by Kim Jong Il and is considered North Korea’s premier cyberwarfare organization.

Bureau 121 still conducts large numbers of cyberwarfare operations against financial enterprises and intelligence agencies across the world, but Daily NK’s source said that the bureau had been placed under Bureau 325 to prevent it from being tracked by the international community.

He also told Daily NK that members of Bureau 121 are being placed in a “working-level department” with nothing to do with cyberwarfare.

This is akin to expert hackers being sent to the Biological Industry Research Center at Kim Il Sung University, which focuses on developing COVID-19 vaccines and treatments.

“Recently, the Central Committee handed down an order to Bureau 325 regarding the stealing of funds,” the source said, adding, “[The bureau] will conduct hacking operations that are more professional and encompass a larger scope [than before].”

Please direct any comments or questions about this article to
Seulkee Jang is one of Daily NK's full-time journalists. Please direct any questions about her articles to