SEOUL: North Korea is reportedly finding new ways to circumvent United Nations sanctions, using cryptocurrency networks to trade raw materials and weapons while sending thousands of information technology (IT) workers abroad to generate revenue for the regime, according to a new report by the Multilateral Sanctions Monitoring Team (MSMT).
The MSMT report outlines how Pyongyang has turned cybercrime into a major foreign currency source as it struggles under international restrictions over its nuclear and ballistic weapons programmes. Under leader Kim Jong Un, the isolated nation has aggressively expanded its cyber operations, blending sophisticated hacking with global money-laundering schemes.
Massive crypto thefts funding weapons programmes
According to the report, North Korea’s cyber operatives stole at least $1.65 billion between January and September 2025, with $1.4 billion taken from the cryptocurrency exchange Bybit in a single February breach. These funds, along with an additional $1.2 billion stolen in 2024, were channelled into the development of weapons of mass destruction (WMDs) and missile systems, the report stated.
Investigators found that North Korean officials relied on stablecoins — digital currencies pegged to traditional assets like the US dollar — for transactions involving military equipment and essential raw materials, including copper used in munitions production.
IT workers operating across multiple countries
To further sidestep sanctions, Pyongyang has deployed IT professionals to at least eight countries, including China, Russia, Laos, Cambodia, Equatorial Guinea, Guinea, Nigeria, and Tanzania. The report revealed plans for up to 40,000 North Korean labourers and IT specialists to be sent to Russia, marking one of the largest sanction breaches yet.
UN sanctions explicitly prohibit North Koreans from earning wages overseas, but Russia’s growing partnership with Pyongyang has enabled such arrangements. The two nations have strengthened ties since North Korea reportedly sent weapons and troops to support Russia’s war in Ukraine.
North Korean animators infiltrate global media
The MSMT also referenced a 2024 analysis by 38 North, a programme run by the Stimson Centre think tank, which found that North Korean IT workers secretly participated in animation projects for major companies, including Amazon and HBO Max, by disguising their identities.
An Amazon spokesperson clarified that the company had never directly employed these workers. Instead, an external animation studio had hired subcontractors who were later discovered to be linked to the North Korean scheme. “They were not Amazon employees and had no access to our internal systems,” the spokesperson said.
North Korean animators were also reportedly involved in projects through Pyongyang’s state-run SEK Studio, which has a long history of subcontracting for foreign entertainment companies, including contributing to “The Simpsons Movie” (2007).
Espionage and recruitment tactics
South Korea’s intelligence service previously revealed that North Korean agents used professional networking platforms like LinkedIn to pose as recruiters targeting employees at South Korean defence firms, in attempts to extract sensitive technology data.
Global monitoring effort
The MSMT, which began operations in October 2024, includes members from Australia, Canada, France, Germany, Italy, Japan, the Netherlands, New Zealand, South Korea, the United Kingdom, and the United States. While not formally part of the UN, it independently monitors violations of UN Security Council sanctions against North Korea.
The group warned that Pyongyang’s increasing use of digital currency and covert overseas labour networks poses a serious threat to global financial systems and international security, calling for tighter monitoring of crypto exchanges and subcontracting chains that could enable North Korea’s illicit funding channels.
Leave a comment