North Korea continues exporting information technology (IT) workers to conduct malicious cyber activities that finance the regime’s nuclear and ballistic missile weapons programs in violation of United Nations Security Council resolutions.
The workers, using false documents and stolen identities to conceal their nationality, take advantage of demand for IT skills to obtain freelance employment from targets in East Asia, Europe and North America, the Japanese and Republic of Korea (ROK) foreign ministries and the United States State Department said in late August 2025.
“Hiring, supporting, or outsourcing work to North Korean IT workers increasingly poses serious risks, ranging from theft of intellectual property, data, and funds to reputational harm and legal consequences,” according to their joint statement, which coincided with the nations hosting a Tokyo event supporting international industry collaboration to fight North Korean exploitation.
At the same time, the U.S. Treasury Department sanctioned four entities for their roles in a fraudulent IT worker scheme orchestrated by Pyongyang. “The North Korean regime continues to target American businesses through fraud schemes involving its overseas IT workers, who steal data and demand ransom,” John K. Hurley, Treasury undersecretary for terrorism and financial intelligence, said in a news release.
The North Korean regime confiscates most of the wages earned by the overseas IT workers, generating hundreds of millions of dollars for its illegal weapons programs. North Korean workers also have clandestinely introduced malware into company networks to steal proprietary and sensitive data, the Treasury Department said. North Korean hackers stole about $659 million in cryptocurrency assets in 2024, according to Japan, the ROK and the U.S.
The Treasury Department sanctioned a North Korean trading company, a Chinese front company and two individuals for providing financial assistance to generate revenue for the North Korean regime.
Japan, the ROK and the U.S. employ sanctions and other methods to counter cyber activities financing North Korea’s weapons programs. The nations also participate in coordinated initiatives to track and disrupt such illicit activities, focusing on cryptocurrency laundering, and have imposed sanctions on North Korean individuals and entities linked to these activities.
Seoul’s 2024 National Cybersecurity Strategy emphasizes proactive defense against threats such as North Korean state-sponsored hacking. The ROK has imposed sanctions on North Koreans, including the head of the regime’s spy agency, for earning foreign currency through illegal cyber activities and technology theft that funds the weapons programs.
Japan also has sanctioned North Korean hacking groups and individuals involved in cyber espionage. Tokyo coordinated with Seoul and Washington on identifying cyber actors, publicizing joint indictments and sharing sanctions lists targeting North Korean hacking entities.
The U.N. Security Council has adopted nine major resolutions sanctioning North Korea over its nuclear and missile activities since 2006. One called for Pyongyang to abandon its nuclear program in a “complete, verifiable and irreversible” manner, end its ballistic missile activities, and return to nuclear reduction talks.
The resolution froze the financial assets of entities the Security Council determined were supporting the regime’s weapons programs. Subsequent resolutions expanded an arms embargo, identified additional individuals and entities for asset freezes and travel bans, strengthened enforcement, and prohibited or limited some North Korean exports.
North Korean hackers also saturated the crypto industry with fake job offers as part of a campaign to steal digital cash from applicants, the Reuters news service reported, citing a September 2025 report by cybersecurity companies SentinelOne and Validin.
The head of the Czech Republic’s cybersecurity agency said that month that the global community, including governments, private companies and international organizations, must collaborate to counter North Korea’s cyberattacks.
“Cyber threats emanating from North Korea have in recent years clearly grown in scope and severity,” Lukas Kintr, director of the National Cyber and Information Security Agency, told the ROK’s Yonhap News Agency. “North Korean threat actors are becoming more sophisticated and creative, and their extensive use of artificial intelligence is allowing their campaigns to become larger in scale and more effective.”
About the Author
