North Korean hackers have siphoned off billions of dollars by breaching cryptocurrency exchanges and using false identities to secure remote tech jobs abroad, according to a new international assessment of the country’s cyber operations.
The 138-page report, released by the Multilateral Sanctions Monitoring Team—a coalition including the U.S. and 10 allied nations—found that Pyongyang’s government directs these covert schemes to bankroll its nuclear weapons research and development. The group was established last year to track North Korea’s adherence to U.N. sanctions.
The findings reveal that North Korea has leveraged cryptocurrencies to launder illicit funds and procure military equipment, effectively evading global restrictions tied to its nuclear ambitions. Investigators noted that hackers linked to Pyongyang routinely deploy malware against international corporations and institutions, aiming to disrupt systems and exfiltrate sensitive data.
Despite its isolation and limited economic power, North Korea has made substantial investments in offensive cyber warfare, achieving a level of sophistication that rivals China and Russia, the report concluded. Unlike other major cyber actors such as China, Russia, and Iran, North Korea primarily uses its hacking operations as a financial lifeline—employing cyberattacks and fake employees to generate state revenue.
The report further stated that, aided by actors in Russia and China, North Korea’s cyber campaigns have “been directly linked to the destruction of physical computer equipment, endangerment of human lives, private citizens’ loss of assets and property, and funding for the DPRK’s unlawful weapons of mass destruction and ballistic missile programs.”
The monitoring team—comprising the U.S., Australia, Canada, France, Germany, Italy, Japan, the Netherlands, New Zealand, South Korea, and the United Kingdom—was created after Russia vetoed a U.N. Security Council resolution that previously empowered a panel of experts to oversee North Korea’s sanctions compliance. Its initial report in May examined North Korea’s military aid to Russia.
Earlier this year, hackers tied to North Korea executed one of the largest cryptocurrency thefts in history, stealing $1.5 billion in Ethereum from the exchange Bybit. The FBI later attributed the theft to a hacker collective operating under North Korea’s intelligence agency.
U.S. authorities have also alleged that thousands of North Korean IT professionals are secretly employed by American companies using stolen or fabricated identities. These workers allegedly infiltrate internal systems and redirect their earnings back to the North Korean regime—sometimes juggling multiple remote jobs simultaneously.
A request for comment sent to North Korea’s mission to the U.N. on Wednesday went unanswered.
