North Korea’s cyber and information technology worker activities violate UN Security Council resolutions and support the unlawful development of weapons of mass destruction and ballistic missiles.
State Department Principal Deputy Assistant Secretary for East Asian and Pacific Affairs Jonathan Fritz briefed UN Member States on the second Multilateral Sanctions Monitoring Team (MSMT) report, which focuses on the Democratic People’s Republic of Korea’s (DPRK) violations and evasions of UN sanctions through illicit cyber and information technology worker activities.
The DPRK’s activities harm everyday consumers and citizens in the U.S. and elsewhere who have repeatedly been the targets of DPRK cybercrime. North Korea's cyber and IT activities target Pyongyang's friends and foes alike. Indeed, they particularly target companies across the globe to steal funds, information, intellectual property rights, and personal data through fraudulent criminal activity.
These teams use fraud, hacking, and very sophisticated social engineering to generate revenue for the UN designated entities they support through cybercrime and fraudulent IT work. Pursuant to UN Security Council Resolution 2094, UN Member states are required to prevent provision of any financial assets or resources that could contribute to the DPRK’s weapons of mass destruction related programs or activities.
The majority of North Korean cryptocurrency heists are carried out by actors working on behalf of UN designated entities like the Reconnaissance General Bureau, the DPRK’s premier intelligence organization. The MSMT estimates that the DPRK stole at least $2.8 billion between January 2024 and September of 2025.
In February 2025, the DPRK stole $1.4 billion in cryptocurrency from a single cryptocurrency exchange called Bybit. This is the largest cryptocurrency theft of all time, perhaps the largest theft of any kind of all time, according to the MSMT. North Korea has now converted all of the cryptocurrency stolen from Bybit and its customers into fiat currency through sophisticated laundering techniques.
The DPRK relies on networks of North Korean nationals abroad and foreign based facilitators, including in China, Russia, Argentina, Cambodia, Vietnam and the United Arab Emirates, to launder stolen digital assets into fiat currency for procurement activities and for funding its unlawful WMD and ballistic missile programs.
DPRK IT workers, while distinct from cyber actors, are also systematically engaged in activities prohibited by UN Security Council resolutions. From locations across the globe, North Korea and its workers posed as nationals of other countries online in order to fraudulently gain employment, often with tech companies, in order to earn a salary and then remit the funds from that salary to the parent organization, which in turn uses those monies to fund procurement and other illicit activities.
“The only way to make a dent in this activity is for UN member States to work diligently together to implement UN Security Council resolutions,” said Deputy Assistant Secretary Fritz “and we welcome discussion of how we can best collaborate to ensure not only that, North Korea cannot rely on these activities to engage in sanctioned activities, but to protect our economies our companies and our citizens from cybercrime.”
North Korea’s cyber and information technology worker activities violate UN Security Council resolutions and support the unlawful development of weapons of mass destruction and ballistic missiles.