Peoples Republic Of Korea Violating And Evading UN Sanctions Through Cyber And IT Worker Activities.

Washington; January 2026: On 12th January 2026, the United States had joined other members of the Multilateral Sanctions Monitoring Team (MSMT) to highlight their recent report.  First released in October, the report focuses on the Democratic People’s Republic of Korea’s (DPRK) violations and evasions of UN sanctions through illicit cyber and information technology worker activities.

This MSMT report finds that the DPRK routinely violates UN Security Council resolutions through malicious cyber and IT worker activities.  These activities generate revenue for the DPRK’s unlawful weapons of mass destruction (WMD) and ballistic missile programs.  

The MSMT report is an unprecedented effort that exposes DPRK sanctions violations, with 140 pages of previously non-public information from 11 UN member states participating in MSMT and 09 private sector companies.

The DPRK continues to engage in malicious cyber operations.  In the three months since the report’s release, the DPRK has stolen an additional $400 million in cryptocurrency, bringing the total stolen in 2025 to more than $2 billion.

Key MSMT Report Findings:

• DPRK cyber units target defense companies in North America, Europe, and Asia, and critical infrastructure worldwide to steal sensitive information and intellectual property for WMD and ballistic missile development.

• The DPRK cyber program has reached a level of sophistication approaching that of China and Russia and poses a serious, pervasive threat to the United States and the international community.

• The report identifies over 40 countries and territories that have either been targeted by or involved in DPRK’s malicious cyber activity and IT worker activities.

• DPRK cyber actors have victimised the cryptocurrency industry, stealing at least $2.8 billion from January 2024 to September 2025 from cryptocurrency companies and customers all over the world, including in the United States, through over 40 cryptocurrency heists named in the MSMT report.

• DPRK national and foreign facilitator networks in China, Russia, Cambodia, Vietnam, and the UAE assist in laundering and procurement.

• The DPRK has IT workers operating in at least 08 countries, including China, Russia, Laos, Cambodia, Equatorial Guinea, Guinea, Nigeria, and Tanzania.

• Most known DPRK IT workers are based in China (1,000 – 1,500); plans exist to send up to 40,000 laborers, including IT workers, to Russia.

• DPRK IT workers are increasingly engaged in malicious cyber activities including cryptocurrency theft and data extortion.

• The DPRK regularly relies on Chinese infrastructure and financial institutions; at least 19 Chinese banks have been used to launder funds.

• Over-the-counter traders in China are key to converting stolen cryptocurrency into fiat currency.

Team Maverick.