The Democratic People’s Republic of Korea’s Violations and Evasions of UN Sanctions through Cyber and IT Worker Activities

Today at the United Nations, the United States joined other members of the Multilateral Sanctions Monitoring Team (MSMT) to highlight their recent report. First released in October, the report focuses on the Democratic People’s Republic of Korea’s (DPRK) violations and evasions of UN sanctions through illicit cyber and information technology worker activities. This MSMT report finds that the DPRK routinely violates UN Security Council resolutions through malicious cyber and IT worker activities. These activities generate revenue for the DPRK’s unlawful weapons of mass destruction (WMD) and ballistic missile programs. The MSMT report is an unprecedented effort that exposes DPRK sanctions violations, with 140 pages of previously non-public information from 11 UN member states participating in MSMT and nine private sector companies. The report is available at the MSMT website. The DPRK continues to engage in malicious cyber operations. In the three months since the report’s release, the DPRK has stolen an additional $400 million in cryptocurrency, bringing the total stolen in 2025 to more than $2 billion. Key MSMT Report Findings DPRK cyber units target defense companies in North America, Europe, and Asia, and critical infrastructure worldwide to steal sensitive information and intellectual property for WMD and ballistic missile development. The DPRK cyber program has reached a level of sophistication approaching that of China and Russia and poses a serious, pervasive threat to the United States and the international community. The report identifies over 40 countries and territories that have either been targeted by or involved in DPRK’s malicious cyber activity and IT worker activities. DPRK cyber actors have victimized the cryptocurrency industry, stealing at least $2.8 billion from Jan. 2024 – Sept. 2025 from cryptocurrency companies and customers all over the world, including in the United States, through over 40 cryptocurrency heists named in the MSMT report. DPRK national and foreign facilitator networks in China, Russia, Cambodia, Vietnam, and the UAE assist in laundering and procurement. The DPRK has IT workers operating in at least eight countries, including China, Russia, Laos, Cambodia, Equatorial Guinea, Guinea, Nigeria, and Tanzania. Most known DPRK IT workers are based in China (1,000 – 1,500); plans exist to send up to 40,000 laborers, including IT workers, to Russia. DPRK IT workers are increasingly engaged in malicious cyber activities including cryptocurrency theft and data extortion. The DPRK regularly relies on Chinese infrastructure and financial institutions; at least 19 Chinese banks have been used to launder funds. Over-the-counter traders in China are key to converting stolen cryptocurrency into fiat currency