Member countries of the international monitoring group MSMT have concluded that North Korea is increasing its use of cybercrime and the remote work of its citizens abroad to circumvent international sanctions and support its nuclear and missile programs. A recent report, covering the years from January 2024 to September 2025, highlights this strategy.
The report’s authors highlight that virtually all illegal activities are orchestrated by organizations that have already been subjected to punitive measures. Through shell companies and anonymous IT groups, these entities operate with the primary goal of financially supporting prohibited weapons programs.
According to the authors of the paper, North Korean hackers stole at least $2.8 billion in cryptocurrency during this period. Nearly half of this amount was attributed to a single incident: the hack of the Bybit cryptocurrency exchange in February of this year, which resulted in the theft of approximately $1.4 billion .
Pyongyang also continues to send IT delegations abroad posing as freelancers. It is estimated that between 1,000 and 1,500 of these specialists currently work in China alone. Their goal is to generate revenue under false names and funnel the funds to the regime. This practice directly violates United Nations Security Council resolutions prohibiting member states from employing North Korean citizens and requiring their repatriation.
Victims of this phenomenon have also been reported in Japan, India, the United Arab Emirates, and Singapore. The laundering of stolen digital assets occurred through exchanges and forex firms in various countries; the proceeds were then converted into cash to purchase raw materials and equipment.
North Korea actively uses China’s financial and telecommunications infrastructure. The report cites 15 Chinese banks involved in money laundering operations. Furthermore, the regime relies on a network of intermediaries in China, Vietnam, Laos, the United Arab Emirates, and even Argentina. These facilitate cryptocurrency transactions, equipment purchases, and fictitious labor services.
The report’s recommendations call on states to strengthen controls on cryptocurrency transactions, improve vetting procedures for hiring remote workers, block the accounts of suspicious freelancers, and prevent transactions linked to North Korean intermediaries. Special attention is paid to the need to repatriate all North Korean citizens who continue to work abroad in violation of existing resolutions.
According to estimates, revenues from cybercrime have already eclipsed North Korea’s earnings before the implementation of global sanctions in 2016-2017. The laundered cryptocurrency not only covers domestic needs but also supports the sale of weapons to other nations.
Follow us on Google News to receive daily updates on cybersecurity. Contact us if you would like to report news, insights or content for publication.
